
Answer-first summary for fast verification
Answer: Assign an IAM user for the product manager with the CloudWatchReadOnlyAccess policy, sharing credentials and the dashboard URL.
The correct option is B because creating an IAM user ensures that access is granted following the principle of least privilege. By assigning the CloudWatchReadOnlyAccess AWS managed policy to the user, the product manager is granted the necessary permissions to view the CloudWatch dashboard without any additional access they do not need. Option A, while convenient, does not align with AWS best practices since directly sharing dashboards via email does not provide granular access control. Options C and D provide more permissions or complexity than required, thus not adhering to the principle of least privilege.
Author: LeetQuiz Editorial Team
A company is launching an application with metrics displayed on an Amazon CloudWatch dashboard. The product manager, lacking an AWS account, requires periodic access following the principle of least privilege. What is the appropriate solution for granting access?
A. Enable sharing through the CloudWatch console by providing the product manager's email and a shareable dashboard link.
B. Assign an IAM user for the product manager with the CloudWatchReadOnlyAccess policy, sharing credentials and the dashboard URL.
C. Create an IAM user with the ViewOnlyAccess policy for employees, sharing credentials and instructing the product manager to find the dashboard in CloudWatch.
D. Use a bastion server in a public subnet, sharing RDP credentials as needed, and configure the browser for dashboard access with cached AWS credentials.