Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SOA-C02 Topic 5 Question 112 Discussion

Actual exam question for Amazon's SOA-C02 exam
Question #: 112
Topic #: 5
[All SOA-C02 Questions]

A company observes that a newly created Amazon CloudWatch alarm is not transitioning out of the INSUFFICIENT_DATA state. The alarm was created to track the mem_used_percent metric from an Amazon EC2 instance that is deployed in a public subnet.

A review of the EC2 instance shows that the unified CloudWatch agent is installed and is running. However, the metric is not available in CloudWatch. A SysOps administrator needs to implement a solution to resolve this problem

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: B

Objective:

Ensure the mem_used_percent metric from the EC2 instance is available in Amazon CloudWatch.

Root Cause:

The unified CloudWatch agent requires IAM permissions to publish custom metrics to CloudWatch.

If an IAM instance profile is not attached or is missing necessary permissions, the metric will not appear in CloudWatch.

Solution Implementation:

Step 1: Create an IAM role with the required permissions:

Use the AmazonCloudWatchAgentServerPolicy managed policy, which grants permissions for the CloudWatch agent to send metrics.

Step 2: Create an IAM instance profile for the role.

Step 3: Attach the instance profile to the EC2 instance.

Step 4: Restart the unified CloudWatch agent on the EC2 instance to apply the changes:

bash

Copy code

sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a stop

sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a start

AWS Reference:

Unified CloudWatch Agent Configuration: CloudWatch Agent Permissions

Why Other Options Are Incorrect:

Option A: Enabling detailed monitoring only collects predefined metrics; it does not affect custom metrics like mem_used_percent.

Option C: The subnet (public or private) does not affect the collection of metrics by the CloudWatch agent.

Option D: Using IAM user credentials is not a best practice for EC2 instances; instance profiles are the recommended method.


by Ronnie at Mar 06, 2025, 03:08 PM

Limited Time Offer

25%

Off

Get Premium SOA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Bronwyn
19 days ago
I bet the engineer who set this up was on a coffee break. All they had to do was add the right permissions, but they went and made it a whole thing. Classic.
upvoted 0 times
...
Wayne
25 days ago
A public subnet? That's just asking for trouble! I'd say C is the way to go. Migrate that instance to a private subnet and watch the metric start flowing.
upvoted 0 times
Gail
11 days ago
C) Migrate the EC2 instance into a private subnet
upvoted 0 times
...
...
Kerrie
28 days ago
I'm not sure, but migrating the EC2 instance into a private subnet could potentially solve the issue.
upvoted 0 times
...
Linn
1 months ago
Nah, I'd go with D. Updating the agent config to use IAM credentials is the way to go. Much simpler than messing with subnets or enabling detailed monitoring.
upvoted 0 times
Lisandra
12 days ago
I think using IAM credentials is a better option in this case.
upvoted 0 times
...
Valda
13 days ago
A) Enable CloudWatch detailed monitoring for the EC2 instance.
upvoted 0 times
...
Ty
18 days ago
Yeah, that sounds like the most straightforward solution.
upvoted 0 times
...
Celeste
19 days ago
D) Create an IAM user that has an access key ID and a secret access key. Update the unified CloudWatch agent configuration file to use those credentials.
upvoted 0 times
...
...
Vince
1 months ago
Hmm, I think the correct answer is B. Adding an IAM instance profile with CloudWatch permissions should do the trick. The agent is already installed, so it just needs the right permissions to access CloudWatch.
upvoted 0 times
Vilma
24 days ago
Yes, that makes sense. Adding an IAM instance profile with CloudWatch permissions should resolve the issue.
upvoted 0 times
...
Gerald
25 days ago
I agree, option B seems like the right solution. The instance just needs the proper permissions to access CloudWatch.
upvoted 0 times
...
...
Stephanie
1 months ago
I disagree, I believe creating an 1AM instance profile with CloudWatch permissions and adding it to the EC2 instance is the way to go.
upvoted 0 times
...
Gregoria
1 months ago
I think the solution is to enable CloudWatch detailed monitoring for the EC2 instance.
upvoted 0 times
...

Save Cancel