Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 319 discussion

I think this question is not really about Active Directory or AD Connector. A secure VPN connection is all you need in this question. The company has hardware can be used to establish an AWS S2S connection. In order to have a secure connection, the first thing you have to do is to implement a VPN connection between on-premise and target VPC. So C is the answer.

You cannot join an EC2 to On-prem AD just over the VPN. You should be having an AD connector for the same. https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/

B This solution integrates centralized user management with the company's on-premises Active Directory, meets the requirement of secure Remote Desktop connectivity, and is cost-effective. Configuring AWS Single Sign-On (SSO) with the AD Connector allows users to access EC2 Windows instances using their existing Active Directory credentials, which eliminates the need for additional infrastructure or configuration. Using Systems Manager Fleet Manager to access the target instances through RDP provides a secure and managed way to connect to EC2 instances without requiring a Remote Desktop Gateway or a bastion host.

Solution C is the most cost-effective: Implement a VPN between the on-premises environment and the target VPC, join the EC2 instances to the on-premises Active Directory domain over the VPN, configure RDP access through the VPN, and connect from the company's network. This approach leverages existing infrastructure, requires no additional managed services, utilizes existing hardware for the VPN, and provides direct connectivity without bastion hosts, minimizing costs.

1) using AD connector, AWS cloud IAM is authenticated against the on prem AD. extra Managed AD in AWS cloud is not required. 2) A cost effective, secure remote desktop setup is achieved with a fleet manager, accessed via console by IAM identity centre login against the on prem AD. Saving the cost of bastion host , vpn gateway or rdp gateway.

just c

I do not see any reasons why C would not work. And it is simpler than B.

C is the cheapest option

For me it's C. No need to Managed AD Connector. We have already a VPN, so we can leverage to spend less.

B for me

Ans C. If the VPC and the on-prem network are connected, there is no need for AD Connector, it works like any other interconnected networks. The EC2s must have DNS resolution, usually those will be the AD domain controllers (which in this case are located on prem).

It is B and not C. You need to AD connector to connect to on-premises AD. Did not find any article that suggests you can connect to on-premises AD over VPN without using AD connector or Active directory trust.

B is the right answer.

C is the answer. most cost-effective.

It is C

B is the answer. C would be the cheapest option, BUT it say's they currently access over the internet. This means that they don't have DNS appliances setup. Those are not included in the answer and they also cost money, making B the only real option here.

Answer: B Keyword "AWS IAM Identity Center (AWS Single Sign-On) "