Practice Test 3 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test

Answer – C

Ensure that the security group allows Inbound SSH traffic from the IT Administrator’s Workstation. Since Security groups are stateful, we do not have to configure outbound traffic. What enters the inbound traffic is allowed in the outbound traffic too.

Note: The default network ACL is configured to allow all traffic to flow in and out of the subnets to which it is associated. Since the question does not mention that it is a custom VPC we would assume it to be the default one.

Based on that Option C is the correct answer.

Since the IT administrator need to be provided ssh access to the instance. The traffic would be inbound to the instance. Security group being stateful means that return response to the allowed inbound request will be allowed and vice-versa.

Allowing the outbound traffic would mean that instance would ssh into the IT admin’s server and this server will send the response to the instance but it does not mean that IT admin would also be able to ssh into instance. SSh does not work like that.

To allow ssh you need to allow inbound ssh access over port 22 you can refer this:

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html

Prerequisites for ssh

Before you connect to your Linux instance, complete the following prerequisites:

• Install an SSH clientYour Linux computer most likely includes an SSH client by default. You can check for an SSH client by typing ssh at the command line. If your computer doesn’t recognize the command, the OpenSSH project provides a free implementation of the full suite of SSH tools. For more information, see http://www.openssh.com.
• Install the AWS CLI Tools(Optional) If you’re using a public AMI from a third party, you can use the command line tools to verify the fingerprint. For more information about installing the AWS CLI, see Getting Set Up in the AWS Command Line Interface User Guide.
• Get the ID of the instanceYou can get the ID of your instance using the Amazon EC2 console (from the Instance ID column). If you prefer, you can use the describe-instances (AWS CLI) or Get-EC2Instance (AWS Tools for Windows PowerShell) command.
• Get the public DNS name of the instanceYou can get the public DNS for your instance using the Amazon EC2 console. Check the Public DNS (IPv4) column. If this column is hidden, choose the Show/Hide icon and select Public DNS (IPv4). If you prefer, you can use the describe-instances (AWS CLI) or Get-EC2Instance(AWS Tools for Windows PowerShell) command.
• (IPv6 only) Get the IPv6 address of the instanceIf you’ve assigned an IPv6 address to your instance, you can optionally connect to the instance using its IPv6 address instead of a public IPv4 address or public IPv4 DNS hostname. Your local computer must have an IPv6 address and must be configured to use IPv6. You can get the IPv6 address of your instance using the Amazon EC2 console. Check the IPv6 IPsfield. If you prefer, you can use the describe-instances (AWS CLI) or Get-EC2Instance (AWS Tools for Windows PowerShell) command. For more information about IPv6, see IPv6 Addresses.
• Locate the private key and verify permissionsGet the fully-qualified path to the location on your computer of the .pem file for the key pair that you specified when you launched the instance. Verify that the .pem file has permissions of 0400, not 0777. For more information, see Error: Unprotected Private Key File.
• Get the default user name for the AMI that you used to launch your instance
  • For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
  • For a Centos AMI, the user name is centos.
  • For a Debian AMI, the user name is admin or root.
  • For a Fedora AMI, the user name is ec2-user or fedora.
  • For a RHEL AMI, the user name is ec2-user or root.
  • For a SUSE AMI, the user name is ec2-user or root.
  • For an Ubuntu AMI, the user name is ubuntu.
  • Otherwise, if ec2-user and root don’t work, check with the AMI provider.
• Enable inbound SSH traffic from your IP address to your instanceEnsure that the security group associated with your instance allows incoming SSH traffic from your IP address. The default security group for the VPC does not allow incoming SSH traffic by default. The security group created by the launch wizard enables SSH traffic by default. For more information, see Authorizing Inbound Traffic for Your Linux Instances.