A security engineer is tasked with forwarding custom application-security logs from an Amazon EC2 instance to Amazon CloudWatch. The engineer has successfully installed the CloudWatch agent on the EC2 instance and has correctly specified the log file path in the CloudWatch configuration file. Despite these configurations, the logs are not being received by CloudWatch. The engineer has verified that the awslogs service is active and functioning on the EC2 instance. What should be the next step taken by the engineer to ensure that the logs are successfully forwarded to CloudWatch?

Exam-Like

Add AWS CloudTrail to the trust policy of the EC2 instance. Send the custom logs to CloudTrail instead of CloudWatch.

0.0%

Add Amazon S3 to the trust policy of the EC2 instance. Configure the application to write the custom logs to an S3 bucket that CloudWatch can use to ingest the logs.

25.0%

Add Amazon Inspector to the trust policy of the EC2 instance. Use Amazon Inspector instead of the CloudWatch agent to collect the custom logs.

0.0%

Attach the CloudWatchAgentServerPolicy AWS managed policy to the EC2 instance role.

75.0%

AWS Certified Security - Specialty

Comments

Get started today