AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Install and configure the CloudWatch agent on instances; attach an IAM role to allow instances to write logs to CloudWatch.

Best practice is to install CloudWatch agent on EC2, configure it to collect logs, and use IAM role attached to instance with permissions to write to CloudWatch Logs (no keys in users). Console doesn't auto install agent.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Install and configure the CloudWatch agent on instances; attach an IAM role to allow instances to write logs to CloudWatch.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

A company moved servers to EC2 and wants to track instance logs using CloudWatch Logs. What should be done in compliance with AWS best practices?

Exam-Like

UAnonymous

Last updated: April 30, 2026 at 11:42

Configure CloudWatch from the Console; wait for AWS to automatically install agents.

Install and configure the CloudWatch agent on instances; attach an IAM role to allow instances to write logs to CloudWatch.

Install and configure the CloudWatch agent; attach an IAM user to allow instances to write logs.

Install and configure the CloudWatch agent; attach security groups to allow instances to write logs.