ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 766 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 766
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company’s developers want a secure way to gain SSH access on the company's Amazon EC2 instances that run the latest version of Amazon Linux. The developers work remotely and in the corporate office.

The company wants to use AWS services as a part of the solution. The EC2 instances are hosted in a VPC private subnet and access the internet through a NAT gateway that is deployed in a public subnet.

What should a solutions architect do to meet these requirements MOST cost-effectively?

  • A. Create a bastion host in the same subnet as the EC2 instances. Grant the ec2:CreateVpnConnection IAM permission to the developers. Install EC2 Instance Connect so that the developers can connect to the EC2 instances.
  • B. Create an AWS Site-to-Site VPN connection between the corporate network and the VPC. Instruct the developers to use the Site-to-Site VPN connection to access the EC2 instances when the developers are on the corporate network. Instruct the developers to set up another VPN connection for access when they work remotely.
  • C. Create a bastion host in the public subnet of the VPConfigure the security groups and SSH keys of the bastion host to only allow connections and SSH authentication from the developers’ corporate and remote networks. Instruct the developers to connect through the bastion host by using SSH to reach the EC2 instances.
  • D. Attach the AmazonSSMManagedInstanceCore IAM policy to an IAM role that is associated with the EC2 instances. Instruct the developers to use AWS Systems Manager Session Manager to access the EC2 instances.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Andy_09 at Feb. 5, 2024, 10:06 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
alawada
Highly Voted 6 months, 1 week ago
Selected Answer: D
AWS Systems Manager Session Manager is a service that enables you to securely connect to your EC2 instances without using SSH keys or bastion hosts. You can use Session Manager to access your instances through the AWS Management Console, the AWS CLI, or the AWS SDKs. Session Manager uses IAM policies and roles to control who can access which instances. By attaching the AmazonSSMManagedlnstanceCore IAM policy to an IAM role that is associated with the EC2 instances, you grant the Session Manager service the necessary permissions to perform actions on your instances. You also need to attach another IAM policy to the developers' IAM users or roles that allows them to start sessions to the instances.
upvoted 7 times
...
Andy_09
Highly Voted 7 months, 3 weeks ago
Option D
upvoted 5 times
...
LeonSauveterre
Most Recent 3 months, 1 week ago
Selected Answer: D
A - Bastion hosts are typically placed in public subnets (not private subnets). Also, see option C below. B - Would work, but this is too complex and too expensive. C - An additional EC2 instance (bastion host) = instance running costs + endless maintenance. D - God yes. No need to manage SSH keys, and access is encrypted by default.
upvoted 1 times
...
TruthWS
6 months ago
Option D
upvoted 3 times
...
Mikado211
6 months, 1 week ago
Selected Answer: D
SSM is always the recommended way of connection for EC2 "using ssh". It's the most cost effective and the most secure way of doing the job.
upvoted 2 times
...
iczcezar
7 months, 1 week ago
Why not C?
upvoted 2 times
pila21
6 months, 1 week ago
it doesn`t meet requirements MOST cost-effectively
upvoted 3 times
...
...
kempes
7 months, 3 weeks ago
Selected Answer: D
Option D
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago