AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 190
A company has deployed a complex container-based workload on AWS. The workload uses Amazon Managed Service for Prometheus for monitoring. The workload runs in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster in an AWS account.
The company’s DevOps team wants to receive workload alerts by using the company’s Amazon Simple Notification Service (Amazon SNS) topic. The SNS topic is in the same AWS account as the EKS cluster.
Which combination of steps will meet these requirements? (Choose three.)
Answer options
- A. Use the Amazon Managed Service for Prometheus remote write URL to send alerts to the SNS topic.
- B. Create an alerting rule that checks the availability of each of the workload’s containers.
- C. Create an alert manager configuration for the SNS topic.
- D. Modify the access policy of the SNS topic. Grant the aps.amazonaws.com service principal the sns:Publish permission and the sns:GetTopicAttributes permission for the SNS topic.
- E. Modify the IAM role that Amazon Managed Service for Prometheus uses. Grant the role the sns:Publish permission and the sns:GetTopicAttributes permission for the SNS topic.
- F. Create an OpenID Connect (OIDC) provider for the EKS cluster. Create a cluster service account. Grant the account the sns:Publish permission and the sns:GetTopicAttributes permission by using an IAM role.
Correct answer: B, C, D
Explanation
The correct steps are creating an alerting rule that monitors container availability (B), creating an alert manager configuration for the SNS topic (C), and modifying the SNS topic's access policy to grant the necessary permissions (D). Options A, E, and F are not required for this setup: the workflow does not need the remote write URL, a modified IAM role for Amazon Managed Service for Prometheus, or an OIDC provider.