A company is migrating its applications to the AWS Cloud. Each application will reside in its own AWS account after the migration. The applications will be hosted on Amazon EC2 Linux instances that need to be accessed through the shell for administration. The company's administrators want to use the AWS CLI from their laptops to interact with AWS and the EC2 instances.
The company is concerned that SSH access keys might be lost or become public. The company wants to avoid using long-term keys.
Which combination of steps should a solutions architect recommend to meet these requirements? (Choose three.)

A. Create subaccounts and cross-account roles for each of the applications. Create users. Assign cross-account roles to the users. Provide users with their initial credentials. B Configure AWS Single Sign-On. Create users. Assign the users the permission sets for the application accounts that they need to access. Provide users with their initial credentials.

B. Use AWS Systems Manager Session Manager to obtain shell access to the EC2 instances.

C. Create an organization in AWS Organizations with all features enabled to manage the accounts. Create subaccounts to host each of the applications.

D. Create an AWS Lambda function to rotate user access keys every 30 days.

E. Create an AWS Lambda function to rotate SSH keys for the EC2 instances every 30 days.






 

Suggested Answer: BCD

Community Answer: BCD




This question is in SAP-C01 AWS Certified Solutions Architect – Professional Exam
For getting AWS Certified Solutions Architect – Professional Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.