Which steps should the security engineer take to satisfy this requirement while maintaining least privilege?
Enable AWS Systems Manager in the AWS Management Console and configure for access to EC2 instances using the default AmazonEC2RoleforSSM role. Install the Systems Manager Agent on all EC2 Linux instances that need interactive access. Configure IAM user policies to allow development team access to the Systems Manager Session Manager and attach to the team’s IAM users.
Enable console SSH access in the EC2 console. Configure IAM user policies to allow development team access to the AWS Systems Manager Session Manager and attach to the development team’s IAM users.
Enable AWS Systems Manager in the AWS Management Console and configure to access EC2 instances using the default AmazonEC2RoleforSSM role. Install the Systems Manager Agent on all EC2 Linux instances that need interactive access. Configure a security group that allows SSH port 22 from all published IP addresses. Configure IAM user policies to allow development team access to the AWS Systems Manager Session Manager and attach to the team’s IAM users.
Enable AWS Systems Manager in the AWS Management Console and configure to access EC2 instances using the default AmazonEC2RoleforSSM role. Install the Systems Manager Agent on all EC2 Linux instances that need interactive access. Configure IAM user policies to allow development team access to the EC2 console and attach to the team’s IAM users.
Explanations:
This option correctly enables AWS Systems Manager, allowing interactive access to EC2 instances without opening SSH ports. It uses the AmazonEC2RoleforSSM role and requires the Systems Manager Agent, ensuring secure access. IAM policies are configured to grant the development team access to Session Manager, adhering to the principle of least privilege.
This option suggests enabling console SSH access, which is not necessary when using Systems Manager Session Manager. It does not include the requirement to install the Systems Manager Agent or properly restrict access, failing to maintain least privilege.
Although this option correctly enables AWS Systems Manager, it incorrectly suggests opening SSH port 22 to all IP addresses. This approach compromises security by exposing the instances to potential attacks, violating the least privilege principle.
This option fails to mention the installation of the Systems Manager Agent and implies that IAM policies would grant access to the EC2 console instead of specifically Session Manager, which is not aligned with the requirement for interactive command line access through the console.