Review/Timed Set 5 – SSH key rotation
Neil-TutorialsDojo updated 1 week, 1 day ago · 2 Members · 4 Posts
Category: CSAP – Continuous Improvement for Existing Solutions
A company hosts its core business applications on a fleet of Linux-based Amazon EC2 instances managed in AWS Systems Manager Fleet Manager. One day, an employee who maintained these instances abruptly resigned. The company is concerned that the employee who left might still possess a copy of the key pairs used to SSH to these instances, as this raises a security risk.
Which of the following options should the Solutions Architect implement to rotate the SSH keys successfully?
The two answer options that involve updating the authorized_keys in the .ssh directory with the new public key (which can be generated in the EC2 console or via another tool) both incorrectly say “Utilize AWS Systems Manager Automation and choose the AWS-RunShellScript document to execute the shell script on these EC2 instances” <– this should be via Run Command. In fact, the explanation section explicitly calls out “AWS-RunShellScript document can’t be used in SSM Automation runbooks”.
So, this question has NO correct answer option to choose from, despite the checker marking the one that says to create the new key via the EC2 console.
When I took the test in review mode on Aug 21, there was a correct option that said: “Manually generate a new key pair and write a shell script that will update the authorized_keys in the .ssh directory based on the new public key value. Utilize AWS Systems Manager Run Command and choose AWS-RunShellScript document to execute the shell script on these EC2 instances.”
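For readers who want to see what the "shell script that updates authorized_keys" in that option actually has to do, here is an added example (not code from the question, from Tutorials Dojo, or from AWS). It rotates one key in a user's authorized_keys the way a script pushed through Run Command with AWS-RunShellScript would: it removes every entry carrying the revoked key's material (matching on key type plus base64 blob, because copies of the same key often carry different comments or an options prefix), refuses to install anything that is not a well-formed OpenSSH public-key line (a pasted private key, for instance), appends the new key once, and replaces the file atomically with mode 0600. It assumes POSIX sh with awk, grep and mktemp; the file path, the key values and the `ops-rotated` comment in the usage line are placeholders.

```shell
#!/bin/sh
# Rotate one SSH public key in a user's authorized_keys, as a script run
# through SSM Run Command (AWS-RunShellScript) would do it.
# Added example for this thread; not Tutorials Dojo's or AWS's code.
# Assumes POSIX sh with awk, grep and mktemp; keys are passed in as
# "<type> <base64> [comment]" lines.

# OpenSSH public-key line: key type, base64 blob, optional comment.
KEY_RE='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-ssh-ed25519@openssh\.com|sk-ecdsa-sha2-nistp256@openssh\.com) [A-Za-z0-9+/]+=*( .*)?$'

# awk helper shared by the functions below: returns "<type> <base64>" for a
# line, skipping any options prefix such as command="..." (options that
# themselves contain spaces are not handled).
AWK_MATERIAL='function material(  i) {
  for (i = 1; i <= NF; i++)
    if ($i ~ /^(ssh-|ecdsa-|sk-)/) return $i " " $(i + 1)
  return ""
}
'

# key_material "<pubkey line>" -> "<type> <base64>", comment dropped.
key_material() {
  printf '%s\n' "$1" | awk "$AWK_MATERIAL"'{ print material() }'
}

# rotate_authorized_keys <file> <revoked_pubkey> <new_pubkey>
# Drops every entry whose key material matches the revoked key, appends the
# new key once, and replaces the file atomically with mode 0600. Returns 2
# without touching the file if the new key is malformed. Safe to rerun.
rotate_authorized_keys() {
  local file="$1" revoked="$2" new="$3" old_mat new_mat tmp
  if ! printf '%s\n' "$new" | grep -Eq "$KEY_RE"; then
    echo "refusing to install malformed public key" >&2
    return 2
  fi
  old_mat=$(key_material "$revoked")
  new_mat=$(key_material "$new")
  # Temp file in the same directory so the final mv is an atomic rename.
  tmp=$(mktemp "${file}.XXXXXX") || return 1
  if [ -f "$file" ]; then
    awk -v old="$old_mat" -v new="$new_mat" "$AWK_MATERIAL"'
      /^[ \t]*(#|$)/ { print; next }       # keep comments and blank lines
      { m = material() }
      m == old || m == new { next }        # drop revoked key; no duplicate of new key
      { print }
    ' "$file" > "$tmp"
  fi
  printf '%s\n' "$new" >> "$tmp"
  chmod 600 "$tmp"
  mv -f "$tmp" "$file"
}

# count_key <file> <pubkey> -> number of active entries with that key material.
count_key() {
  awk -v k="$(key_material "$2")" "$AWK_MATERIAL"'
    /^[ \t]*#/ { next }
    material() == k { n++ }
    END { print n + 0 }
  ' "$1"
}

# When invoked with three arguments (e.g. from Run Command), rotate one account:
#   sh rotate-key.sh /home/ec2-user/.ssh/authorized_keys "$REVOKED_PUB" "$NEW_PUB"
if [ "$#" -eq 3 ]; then
  rotate_authorized_keys "$1" "$2" "$3"
fi
```

To push this across the fleet, inline it in the `commands` parameter of `aws ssm send-command --document-name AWS-RunShellScript` and select instances with `--targets` (by tag, for example); the instances must already be SSM-managed, which the question's mention of Fleet Manager implies. Two caveats worth remembering: the key pair object in EC2 is only read at launch to seed authorized_keys, so creating a new one in the console changes nothing on running instances, and editing authorized_keys does not end sessions that are already open, so check for and terminate any live sessions of the departed user as well. The regex is only a format check; on a host with OpenSSH, `ssh-keygen -l -f <pubkey file>` is the stronger validation, and a login with the new key and a refused login with the old one is the real test.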
-
Hello AudreyST,
Good day!
Thank you for bringing this to our attention! You are indeed right in pointing out the distinction between Automation and Run Command. AWS Systems Manager Run Command is the correct tool to use for executing the AWS-RunShellScript document, as it allows direct command execution on EC2 instances. Automation, on the other hand, is more suited for complex workflows and orchestration rather than for simple script execution.
We will update the question accordingly, and the corrected version should be reflected soon. Thanks again for your valuable feedback!
Regards,
Neil @ Tutorials Dojo
-
It has been a few weeks, and the correct answer option is still not reflected. 😳
-
Hello @AudreyST,
Good day!
Thank you for following up.
I apologize for the delay in having the correct answer reflected on the portal. The update has already been made, and we’re just waiting for it to be reflected once our admin approves the changes.
We appreciate your patience, and if you have any other concerns in the meantime, please feel free to reach out.
Best regards,
Neil @ Tutorials Dojo