Which solution will meet these requirements?
Use AWS Control Tower to connect to the EC2 instances. Configure Amazon CloudWatch logging for the sessions. Select the upload session logs option and allow only encrypted CloudWatch Logs log groups.
Use AWS Security Hub to connect to the EC2 instances. Configure Amazon CloudWatch logging for the sessions. Select the upload session logs option and allow only encrypted CloudWatch Logs log groups.
Use AWS Systems Manager Session Manager to connect to the EC2 instances. Configure Amazon CloudWatch monitoring to record the sessions. Select the store session logs option for the desired CloudWatch Logs log groups.
Use AWS Systems Manager Session Manager to connect to the EC2 instances. Configure Amazon CloudWatch logging. Select the upload session logs option and allow only encrypted CloudWatch Logs log groups.
Explanations:
AWS Control Tower is a service for governance and managing multi-account AWS environments. It does not facilitate direct access to EC2 instances for session management.
AWS Security Hub is a security service for aggregating security findings and does not provide capabilities for securely connecting to EC2 instances or managing sessions.
Although AWS Systems Manager Session Manager is the correct tool for secure access, this option incorrectly describes the configuration for session log storage.
AWS Systems Manager Session Manager allows secure access without opening inbound ports. It can log session activity to CloudWatch, with options for encrypted log groups.