A company has hundreds of Amazon EC2 Linux-based instances in the AWS Cloud. Systems administrators have used shared SSH keys to manage the instances. After a recent audit, the company’s security team is mandating the removal of all shared keys. A solutions architect must design a solution that provides secure access to the EC2 instances. Which solution will meet this requirement with the LEAST amount of administrative overhead?
AUse AWS Systems Manager Session Manager to connect to the EC2 instances.
BUse AWS Security Token Service (AWS STS) to generate one-time SSH keys on demand.
CAllow shared SSH access to a set of bastion instances. Configure all other instances to allow only SSH access from the bastion instances.
DUse an Amazon Cognito custom authorizer to authenticate users. Invoke an AWS Lambda function to generate a temporary SSH key.