A company recently launched many workloads on Amazon EC2 instances and needs a repeatable strategy to remotely and securely access and administer those instances using native AWS services that align with the AWS Well-Architected Framework. Which solution meets these requirements with the LEAST operational overhead?
Choose an answer
Tap an option to check your answer.
Correct answer: Attach the appropriate IAM role to each existing and new instance, and use AWS Systems Manager Session Manager to establish remote sessions..
Why this is the answer
Attaching an appropriate IAM role to EC2 instances and using AWS Systems Manager Session Manager provides secure, auditable, and low-overhead remote access. Session Manager eliminates the need to open inbound ports, manage SSH keys, or deploy bastion hosts, aligning with the Well-Architected Framework's security and operational excellence pillars. The EC2 serial console is primarily for troubleshooting boot issues, not routine administration. Using an administrative SSH key pair with a bastion host adds operational overhead for key management and bastion host maintenance. An AWS Site-to-Site VPN allows direct access but still requires managing SSH keys on instances and doesn't offer the same level of centralized control and auditing as Session Manager.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed