An application has been written that publishes custom metrics to Amazon CloudWatch. Recently, IAM changes have been made on the account and the metrics are no longer being reported. Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?
A) Add a statement to the IAM policy used by the application to allow logs:putLogEvents and logs:createLogStream Add a statement to the IAM policy used by the application to allow logs:putLogEvents and logs:createLogStream
B) Modify the IAM role used by the application by adding the CloudWatchFullAccess managed policy. Modify the IAM role used by the application by adding the CloudWatchFullAccess managed policy.
C) Add a statement to the IAM policy used by the application to allow cloudwatch:putMetricData . cloudwatch:putMetricData .
D) Add a trust relationship to the IAM role used by the application for cloudwatch.amazonaws.com . Add a trust relationship to the IAM role used by the application for cloudwatch.amazonaws.com
Correct Answer:
Verified
Q264: A security team is implementing a centralized
Q265: A company is developing an ecommerce application.
Q266: A company uses AWS CodePipeline for its
Q267: Auditors for a health care company have
Q268: A Security Engineer has several thousand Amazon
Q270: A security engineer needs to build a
Q271: An organization has a multi-petabyte workload that
Q272: A public subnet contains two Amazon EC2
Q273: A security engineer has noticed an unusually
Q274: An application is running on an Amazon
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents