
SAP-C02 Exam - Question 475


A software development company has multiple engineers who are working remotely. The company is running Active Directory Domain Services (AD DS) on an Amazon EC2 instance. The company's security policy states that all internal, nonpublic services that are deployed in a VPC must be accessible through a VPN. Multi-factor authentication (MFA) must be used for access to a VPN.

What should a solutions architect do to meet these requirements?

Correct Answer: B

The requirement is secure, MFA-enabled VPN access to internal, nonpublic services deployed in a VPC, integrated with Active Directory Domain Services (AD DS). The correct solution is to create an AWS Client VPN endpoint, which provides secure connections from client devices to AWS or on-premises networks. Using an AD Connector directory to integrate the endpoint with AD DS and enabling multi-factor authentication (MFA) satisfies the company's security policy. AWS Client VPN supports MFA, so users must authenticate with it before they can access the VPN.
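One way to check the configuration described above is to audit the endpoint and directory settings together. This is an added example, not part of the original question or its answer key; the JSON is constructed sample data shaped like the output of `aws ec2 describe-client-vpn-endpoints` and `aws ds describe-directories`, and every ID in it is a placeholder.

```python
import json

# Constructed sample data (placeholder IDs), shaped like the output of
# `aws ec2 describe-client-vpn-endpoints` and `aws ds describe-directories`.
ENDPOINTS = json.loads("""{"ClientVpnEndpoints": [
  {"ClientVpnEndpointId": "cvpn-endpoint-EXAMPLE1",
   "AuthenticationOptions": [{"Type": "directory-service-authentication",
                              "ActiveDirectory": {"DirectoryId": "d-EXAMPLE001"}}]},
  {"ClientVpnEndpointId": "cvpn-endpoint-EXAMPLE2",
   "AuthenticationOptions": [{"Type": "directory-service-authentication",
                              "ActiveDirectory": {"DirectoryId": "d-EXAMPLE002"}}]},
  {"ClientVpnEndpointId": "cvpn-endpoint-EXAMPLE3",
   "AuthenticationOptions": [{"Type": "certificate-authentication"}]}
]}""")
DIRECTORIES = json.loads("""{"DirectoryDescriptions": [
  {"DirectoryId": "d-EXAMPLE001", "Type": "ADConnector", "RadiusStatus": "Completed"},
  {"DirectoryId": "d-EXAMPLE002", "Type": "ADConnector"}
]}""")


def audit(endpoints, directories):
    """Return {endpoint_id: [findings]}; an empty list means compliant."""
    dirs = {d["DirectoryId"]: d for d in directories["DirectoryDescriptions"]}
    report = {}
    for ep in endpoints["ClientVpnEndpoints"]:
        findings = []
        # The policy needs AD-backed login; certificate-only endpoints fail it.
        ad_opts = [o for o in ep.get("AuthenticationOptions", [])
                   if o.get("Type") == "directory-service-authentication"]
        if not ad_opts:
            findings.append("no Active Directory authentication")
        for opt in ad_opts:
            dir_id = opt.get("ActiveDirectory", {}).get("DirectoryId")
            d = dirs.get(dir_id)
            if d is None:
                findings.append(f"directory {dir_id} not found")
            elif d.get("RadiusStatus") != "Completed":
                # Directory Service MFA is RADIUS-based; no status means it is off.
                findings.append(f"MFA (RADIUS) not enabled on {dir_id}")
        report[ep["ClientVpnEndpointId"]] = findings
    return report


if __name__ == "__main__":
    for ep_id, findings in audit(ENDPOINTS, DIRECTORIES).items():
        print(ep_id, "OK" if not findings else "; ".join(findings))
```
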

Discussion

5 comments
Dgix (Option: B)
Mar 20, 2024

A: Site-to-Site VPN is for connecting networks, not giving users access.
B is correct.
C is rubbish: AWS Copilot is for deploying containers (and it's bloody good!).
D is also rubbish: WorkLink is for website and webapp access, not VPN access.

CMMC (Option: B)
Mar 19, 2024

#A - WorkSpaces client for remote desktop access and not for VPN
#C - AWS VPN CloudHub for connecting multiple on-premises or offices, and not for individual VPN connection
#D - WorkLink for secure access from mobile devices and not for VPN connection

oayoade (Option: B)
Mar 19, 2024

has to be B

Fu7ed
Apr 26, 2024

Answer is B. Client VPN provides Active Directory support by integrating with AWS Directory Service. Client VPN supports multi-factor authentication (MFA) when it's enabled for AWS Managed Microsoft AD or AD Connector. https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/ad.html
C. WHY Copilot?
D. WorkLink provides secure mobile access to your internal websites and web apps.

Helpnosense
Jul 13, 2024

No doubt that answer B will collect all the events from accounts in the organizations. But the requirement is "A solutions architect must design a solution that turns on AWS CloudTrail in all AWS accounts." Can answer B turn on AWS CloudTrail in all AWS accounts?