Multiple Choice
An application has been written that publishes custom metrics to Amazon CloudWatch. Recently, IAM changes have been made on the account and the metrics are no longer being reported. Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?
A) Add a statement to the IAM policy used by the application to allow logs:putLogEvents and logs:createLogStream Add a statement to the IAM policy used by the application to allow logs:putLogEvents and logs:createLogStream
B) Modify the IAM role used by the application by adding the CloudWatchFullAccess managed policy. Modify the IAM role used by the application by adding the CloudWatchFullAccess managed policy.
C) Add a statement to the IAM policy used by the application to allow cloudwatch:putMetricData . cloudwatch:putMetricData .
D) Add a trust relationship to the IAM role used by the application for cloudwatch.amazonaws.com . Add a trust relationship to the IAM role used by the application for cloudwatch.amazonaws.com
Correct Answer:
Verified
Correct Answer:
Verified
Q207: A company wants to control access to
Q208: A company had one of its Amazon
Q209: A Security Engineer must design a solution
Q210: The AWS Systems Manager Parameter Store is
Q211: A Development team has built an experimental
Q213: A company is using AWS Organizations to
Q214: A company has complex connectivity rules governing
Q215: An Amazon S3 bucket is encrypted using
Q216: A company's security information events management (SIEM)
Q217: A distributed web application is installed across