Securing Connectivity Between AWS Systems Manager and Managed Instances in AWS

Configuring Secure Connectivity

Question

A Start-up firm is using an Amazon EC2 instance launched in Amazon VPC to deploy its applications.

They are using AWS Systems Manager to view & automate operational tasks for AWS resources.

The Security Team has mandated that all traffic between AWS Systems Manager and managed instances launched in AWS must be highly secure. What configuration can be used to make this connectivity secure?

Answers

Explanations


Correct Answer: C.

Communication between AWS Systems Manager and a managed instance can be established using an interface VPC endpoint in an Amazon VPC.

With this setup, internet access is not required for a managed instance, and traffic flows over a secure private connection.

Option A is incorrect as the Gateway VPC endpoint is not supported for AWS Systems Manager.

Options B and D are incorrect: with NAT devices, traffic between the managed instance and Systems Manager would flow over the internet instead of over a secure private connection.

For more information on private connectivity between AWS Systems Manager and managed instances, refer to the following URLs:

https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html

https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-privatelink.html

The requirement is to establish highly secure communication between AWS Systems Manager and managed instances launched in AWS. To achieve this, we need to use an endpoint in the VPC.

Option A suggests using a Gateway VPC endpoint. A Gateway VPC endpoint provides private access to certain AWS services from within an Amazon VPC. This option will not work because AWS Systems Manager is not a service that can be accessed over a Gateway VPC endpoint. Therefore, option A is incorrect.

Option B suggests configuring outbound internet access from the managed instance using a NAT instance. A NAT instance is used to provide internet access to instances in a private subnet. This option will not work as it does not provide a secure communication channel between AWS Systems Manager and managed instances. Therefore, option B is incorrect.

Option C suggests using an Interface VPC endpoint. An Interface VPC endpoint provides private access to AWS services from within an Amazon VPC. This option is correct because AWS Systems Manager can be reached through an Interface VPC endpoint by managed instances launched in AWS. This configuration provides a highly secure communication channel between AWS Systems Manager and managed instances. Therefore, option C is the correct answer.

Option D suggests configuring outbound internet access from the managed instance using a NAT Gateway. A NAT Gateway is similar to a NAT instance, but it is a managed service provided by AWS. This option will not work as it does not provide a secure communication channel between AWS Systems Manager and managed instances. Therefore, option D is incorrect.

In conclusion, option C is the correct configuration that can be used to make connectivity between AWS Systems Manager and managed instances launched in AWS highly secure.
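The Option C setup expressed as Terraform, added here as an example and not taken from the original page or any AWS documentation. It assumes the variables `var.vpc_id`, `var.vpc_cidr`, `var.private_subnet_ids` and `var.region` are defined elsewhere, and that the VPC already has DNS support and DNS hostnames enabled (both are required for private DNS on interface endpoints).

```hcl
# Added example (not from the original page). Assumed inputs:
# var.vpc_id, var.vpc_cidr, var.private_subnet_ids, var.region.

# Restrict the endpoint network interfaces to HTTPS from inside the VPC only.
# Nothing outside the VPC can reach these ENIs, and the managed instances
# themselves need no internet route.
resource "aws_security_group" "ssm_endpoints" {
  name        = "ssm-interface-endpoints"
  description = "HTTPS from VPC CIDR to Systems Manager interface endpoints"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}

# SSM Agent talks to three services: ssm (API), ssmmessages (Session Manager)
# and ec2messages (Run Command). One interface endpoint per service.
locals {
  ssm_services = ["ssm", "ssmmessages", "ec2messages"]
}

resource "aws_vpc_endpoint" "ssm" {
  for_each = toset(local.ssm_services)

  vpc_id             = var.vpc_id
  service_name       = "com.amazonaws.${var.region}.${each.key}"
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.private_subnet_ids
  security_group_ids = [aws_security_group.ssm_endpoints.id]

  # With private DNS enabled, the agent's default hostnames such as
  # ssm.<region>.amazonaws.com resolve to the endpoint's private IPs,
  # so no agent reconfiguration, NAT device or internet gateway is needed.
  private_dns_enabled = true
}
```

To confirm traffic is staying private, resolve `ssm.<region>.amazonaws.com` from a managed instance and check that it returns addresses inside the VPC CIDR rather than public IPs.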