AWS Certified Developer – Associate — Question 312

A company runs an application on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group. The company has configured the Amazon CloudWatch agent to capture custom metrics within the instances. When the company launches new instances, the agent starts successfully, but it does not deliver any custom metrics to CloudWatch.

Which action will deliver the custom metrics to CloudWatch?

Answer options

• A. Ensure that the CloudWatch agent JSON configuration file has an IAM policy that has the CloudWatch:PutMetricLogs permission attached.
• B. Ensure that the role used in the EC2 Auto Scaling launch template has the CloudWatchAgentServerPolicy IAM policy attached.
• C. Attach the CloudWatchAgentServerPolicy IAM policy directly to the EC2 Auto Scaling launch template in the AWS Management Console.
• D. Attach a JSON script with the CloudWatch:PutMetricLogs permission to the EC2 Auto Scaling launch template in the AVVS Management Console.

Correct answer: B

Explanation

To allow the CloudWatch agent on EC2 instances to publish custom metrics, the instances must be associated with an IAM role that has the CloudWatchAgentServerPolicy attached. Options C and D are incorrect because IAM policies cannot be attached directly to a launch template; they must be attached to an IAM role (instance profile) that the template uses. Option A is incorrect because permissions are handled by AWS IAM roles assigned to the EC2 instance, not within the agent's local JSON configuration file.