Which method would be the MOST secure way to authenticate a CloudWatch PUT request?

September 18, 2021 by Admin

A Developer is creating an Auto Scaling group whose instances need to publish a custom metric to Amazon CloudWatch.

Which method would be the MOST secure way to authenticate a CloudWatch PUT request?

  • Create an IAM user with PutMetricData permission and put the user credentials in a private repository; have applications pull the credentials as needed.
  • Create an IAM user with PutMetricData permission, and modify the Auto Scaling launch configuration to inject the user credentials into the instance user data.
  • Modify the CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group.
  • Create an IAM role with PutMetricData permission and modify the Auto Scaling launching configuration to launch instances using that role.

Leave a Reply