Recently, IAM changes have been made on the account and the metrics are no longer being reported. Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?

September 14, 2021 by Admin

An application has been written that publishes custom metrics to Amazon CloudWatch. Recently, IAM changes have been made on the account and the metrics are no longer being reported.

Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?

  • Add a statement to the IAM policy used by the application to allow logs:putLogEvents and logs:createLogStream
  • Modify the IAM role used by the application by adding the CloudWatchFullAccess managed policy.
  • Add a statement to the IAM policy used by the application to allow cloudwatch:putMetricData.
  • Add a trust relationship to the IAM role used by the application for cloudwatch.amazonaws.com.

Leave a Reply