
Explanation:
To send OS-level logs from an Amazon EC2 instance to Amazon CloudWatch Logs, the unified CloudWatch agent must be installed and configured on the instance. Additionally, in accordance with AWS security best practices, the EC2 instance must be granted permissions to write to CloudWatch Logs via an IAM role attached as an instance profile. IAM users should not be attached to instances, and security groups control network traffic rather than API permissions.
Question 50
A company recently moved its server infrastructure to Amazon EC2 instances. The company wants to use Amazon CloudWatch Logs to track the instance logs. What should a SysOps administrator do to meet this requirement in compliance with AWS best practices?
A. Configure CloudWatch from the AWS Management Console for the instances. Wait for AWS to automatically install and configure the agents for the instances.
B. Install and configure the CloudWatch agent on the instances. Attach an IAM role to allow the instances to write logs to CloudWatch.
C. Install and configure the CloudWatch agent on the instances. Attach an IAM user to allow the instances to write logs to CloudWatch.
D. Install and configure the CloudWatch agent on the instances. Attach the necessary security groups to allow the instances to write logs to CloudWatch.