A company wants to use AWS Systems Manager to manage a fleet of Amazon EC2 instances. According to the company's security requirements, no EC2 instances can have internet access. A solutions architect needs to design network connectivity from the EC2 instances to Systems Manager while fulfilling this security obligation.
Which solution will meet these requirements?

A. Deploy the EC2 instances into a private subnet with no route to the internet.

B. Configure an interface VPC endpoint for Systems Manager. Update routes to use the endpoint.

C. Deploy a NAT gateway into a public subnet. Configure private subnets with a default route to the NAT gateway.

D. Deploy an internet gateway. Configure a network ACL to deny traffic to all destinations except Systems Manager.








 

Suggested Answer: B

Community Answer: B

Reference:
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html

 This question is in SAA-C02 AWS Certified Solutions Architect – Associate Exam
For getting AWS Certified Solutions Architect – Associate Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.