SAA-C03 · Question #668
SAA-C03 Question #668: Real Exam Question with Answer & Explanation
The correct answer is D: Create an IAM role than grants Amazon EC2 permission to access Systems Manager. Associate. For AWS Systems Manager Session Manager to connect to an EC2 instance in a private subnet without internet access, the instance must have an IAM role that grants permissions to communicate with Systems Manager (SSM). Associating this IAM role with the EC2 instance profile allows
Question
A cloud engineer wants to use AWS Systems Manager Session Manager to access an Amazon EC2 instance. The EC2 instance runs in a private VPC that does not have an internet gateway. Which solution will meet these requirements?
Options
- AGenerate a new EC2 key pair. Stop the EC2 instance and assign the new key to the instance.
- BMove the EC2 instance to a public subnet.
- CCreate an inbound rule in the security group that is assigned to the EC2 instance. Configure the
- DCreate an IAM role than grants Amazon EC2 permission to access Systems Manager. Associate
Explanation
For AWS Systems Manager Session Manager to connect to an EC2 instance in a private subnet without internet access, the instance must have an IAM role that grants permissions to communicate with Systems Manager (SSM). Associating this IAM role with the EC2 instance profile allows it to connect securely to SSM through the AWS private network (via VPC endpoints if configured), without needing an internet gateway or inbound access.
Community Discussion
No community discussion yet for this question.