AWS Certified SysOps Administrator – Associate — Question 472

A company runs thousands of Amazon EC2 instances that are based on the Amazon Linux 2 Amazon Machine Image (AMI). A SysOps administrator must implement a solution to record commands and output from any user that needs an interactive session on one of the EC2 instances. The solution must log the data to a durable storage location. The solution also must provide automated notifications and alarms that are based on the log data.

Which solution will meet these requirements with the MOST operational efficiency?

Answer options

• A. Configure command session logging on each EC2 instance. Configure the unified Amazon CloudWatch agent to send session logs to Amazon CloudWatch Logs. Set up query filters and alerts by using Amazon Athena.
• B. Require all users to use a central bastion host when they need command line access to an EC2 instance. Configure the unified Amazon CloudWatch agent on the bastion host to send session logs to Amazon CloudWatch Logs. Set up a metric filter and a metric alarm for relevant security findings in CloudWatch Logs.
• C. Require all users to use AWS Systems Manager Session Manager when they need command line access to an EC2 instance. Configure Session Manager to stream session logs to Amazon CloudWatch Logs. Set up a metric filter and a metric alarm for relevant security findings in CloudWatch Logs.
• D. Configure command session logging on each EC2 instance. Require all users to use AWS Systems Manager Run Command documents when they need command line access to an EC2 instance. Configure the unified Amazon CloudWatch agent to send session logs to Amazon CloudWatch Logs. Set up CloudWatch alarms that are based on Amazon Athena query results.

Correct answer: C

Explanation

AWS Systems Manager Session Manager offers a secure, agent-based connection method that eliminates the need to manage bastion hosts or open inbound ports. It natively integrates with Amazon CloudWatch Logs to stream session command history and output without requiring manual agent configuration on thousands of instances. Once the logs are in CloudWatch, setting up a metric filter and alarm is the most direct and operationally efficient way to trigger automated notifications.