A Developer is creating an Auto Scaling group whose instances need to publish a custom metric to Amazon CloudWatch.
Which method would be the MOST secure way to authenticate a CloudWatch PUT request?
A . Create an IAM user with PutMetricData permission and put the user credentials in a private repository; have applications pull the credentials as needed.
B . Create an IAM user with PutMetricData permission, and modify the Auto Scaling launch configuration to inject the user credentials into the instance user data.
C . Modify the CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group.
D . Create an IAM role with PutMetricData permission and modify the Auto Scaling launching configuration to launch instances using that role.
Answer: D
Leave a Reply