Which method would be the best way to authenticate your CloudWatch PUT request?

You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch.
Which method would be the best way to authenticate your CloudWatch PUT request?


A.
Create an IAM role with the PutMetricData permission and modify the Auto Scaling launch configuration to
launch instances in that role

B.
Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to
inject the user's credentials into the instance User Data

C.
Modify the appropriate CloudWatch metric policies to allow the PutMetricData permission to instances
from the Auto Scaling group

D.
Create an IAM user with the PutMetricData permission and put the credentials in a private repository and
have applications on the server pull the credentials as needed





BigMike


I suspect the correct Answer is C. Why bother to create a new IAM role just because of a custom metric? We would have tons of roles every time we have new metrics. Also refer to

http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/UsingIAM.html

More practical to be done on policy level

venkat sai


How will you allow the metric in instances? Can't the role associated with the instance have restrictions on accessing the metric data? I agree with Juan.

JK


C is incorrect. Instances in the Auto Scaling group would be constantly changing; you would not be able to keep your policy up to date.

In any case you cannot apply a policy to a CloudWatch metric. So the point is moot.

A is absolutely correct.

BDA


A “Access to Amazon CloudWatch requires credentials.” Credentials are best distributed as policies associated with roles. That way the EC2 instance can create endless custom metrics with one role.

D just doesn’t make sense

Juan Mesa


The correct answer is A. Creating an IAM role is always the best practice to give permissions to EC2 instances in order to interact with other AWS services.

Chef


I think the correct answer is B. We need to do a few things here to make a custom metric work.

AWS_CREDENTIAL_FILE or
both: EC2_PRIVATE_KEY and EC2_CERT

we need to enter this into the instance upon launch with a user data script.

as-create-launch-config

raj


IAM role is the right answer as that's the way to allocate permission for AWS services to interact with EC2 in a secured way.

BDA


You R correct sir, the answer is A

Joshua Kim


The correct answer is A.
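
The role-based setup from option A next to the user-data pattern from option B, as an added example that is not part of the original question or any commenter's post. It shows the two policy documents a PutMetricData role needs and a small audit of launch configuration records; the record names, the profile name `cw-put-metric` and the sample user data are constructed for illustration.

```python
import base64
import re

# Trust policy: lets the EC2 service assume the role for the instance.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Permissions policy: the single action the instances need.
# PutMetricData has no resource-level scoping, so Resource is "*".
PUT_METRIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "cloudwatch:PutMetricData",
        "Resource": "*",
    }],
}

# Signs of IAM user credentials being passed through user data (option B).
KEY_PATTERNS = [
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),  # long-lived access key ID
    re.compile(r"aws_secret_access_key|AWS_CREDENTIAL_FILE|EC2_PRIVATE_KEY", re.I),
]

def audit_launch_config(lc):
    """Return findings for one launch configuration record
    (field names as in DescribeLaunchConfigurations output)."""
    findings = []
    if not lc.get("IamInstanceProfile"):
        findings.append("no instance profile: instances receive no role credentials")
    # UserData is returned base64-encoded; an absent value decodes to empty.
    user_data = base64.b64decode(lc.get("UserData") or "").decode("utf-8", "replace")
    if any(p.search(user_data) for p in KEY_PATTERNS):
        findings.append("user data references static credentials")
    return findings

# Constructed sample records; the key ID is AWS's documented example value.
GOOD = {"LaunchConfigurationName": "lc-role", "IamInstanceProfile": "cw-put-metric",
        "UserData": base64.b64encode(b"#!/bin/sh\nyum -y update\n").decode()}
BAD = {"LaunchConfigurationName": "lc-keys", "UserData": base64.b64encode(
    b"#!/bin/sh\nexport AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n").decode()}
```

With an instance profile attached, the SDK or CLI on the instance picks up temporary role credentials from instance metadata, so nothing secret has to appear in user data or a repository.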