AWS DevOps Engineer Professional DOP-C01 – Question174

A company indexes all of its Amazon CloudWatch Logs on Amazon ES and uses Kibana to view a dashboard for actionable insight. The company wants to restrict user access to Kibana by user.
Which actions can a DevOps Engineer take to meet this requirement? (Choose two.)

A.
Create a proxy server with user authentication in an Auto Scaling group, and restrict access of the Amazon ES endpoint to an Auto Scaling group tag.
B. Create a proxy server with user authentication and an Elastic IP address, and restrict access of the Amazon ES endpoint to the IP address.
C. Create a proxy server with AWS IAM user, and restrict access of the Amazon ES endpoint to the IAM user.
D. Use AWS SSO to offer user name and password protection for Kibana.
E. Use Amazon Cognito to offer user name and password protection for Kibana.