How can a security engineer provide the appropriate access to the EC2 instance to meet these requirements?
Use AWS Systems Manager Inventory to select the EC2 instance and connect. Provide the IAM user accounts with the permissions to use Systems Manager Inventory.
Use AWS Systems Manager Run Command to open an SSH connection to the EC2 instance. Provide the IAM user accounts with the permissions to use Run Command.
Use AWS Systems Manager Session Manager. Provide the IAM user accounts with the permissions to use Systems Manager Session Manager.
Connect to the EC2 instance as the ec2-user through the AWS Management Console’s EC2 SSH client method. Provide the IAM user accounts with access to use the EC2 service in the AWS Management Console.
Explanations:
AWS Systems Manager Inventory is used to collect and query metadata about EC2 instances. It does not allow establishing SSH sessions.
AWS Systems Manager Run Command is used for running commands on EC2 instances but does not support establishing interactive SSH sessions.
AWS Systems Manager Session Manager allows secure, interactive shell access to EC2 instances without SSH keys, meeting the requirement for access.
The EC2 SSH client method requires SSH key-based access and does not meet the requirement of not installing permanent SSH keys.
From what I’ve seen, the answer is:
Use AWS Systems Manager Session Manager. Provide the IAM user accounts with the permissions to use Systems Manager Session Manager.
I weigh that the answer is:
Use AWS Systems Manager Session Manager. Provide the IAM user accounts with the permissions to use Systems Manager Session Manager.