What will happen in this case?

An AWS account owner has setup multiple IAM users. One IAM user only has CloudWatch
access. He has setup the alarm action which stops the EC2 instances when the CPU utilization is
below the threshold limit. What will happen in this case?

An AWS account owner has setup multiple IAM users. One IAM user only has CloudWatch
access. He has setup the alarm action which stops the EC2 instances when the CPU utilization is
below the threshold limit. What will happen in this case?

A.
It is not possible to stop the instance using the CloudWatch alarm

B.
CloudWatch will stop the instance when the action is executed

C.
The user cannot set an alarm on EC2 since he does not have the permission

D.
The user can setup the action but it will not be executed if the user does not have EC2 rights

Explanation:
Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and
performs one or more actions based on the value of the metric relative to a given threshold over a
number of time periods. The user can setup an action which stops the instances when their CPU
utilization is below a certain threshold for a certain period of time. The EC2 action can either
terminate or stop the instance as part of the EC2 action. If the IAM user has read/write
permissions for Amazon CloudWatch but not for Amazon EC2, he can still create an alarm.
However, the stop or terminate actions will not be performed on the Amazon EC2 instance.



Leave a Reply 3

Your email address will not be published. Required fields are marked *


jerome

jerome

If the user has only CloudWatch access, he won’t even be able to setup the alarm in the first place, if he tries he’ll get ‘A system administrator must provision SWF permissions for your IAM user so that the IAM user can perform this action.’. Hence C.