AWS Certified SysOps Administrator – Associate (legacy) — Question 671
After installing and configuring the Amazon CloudWatch agent on an EC2 instance, the anticipated system logs are not being received by CloudWatch Logs.
Which of the following are likely to be the cause of this problem? (Choose two.)
Answer options
- A. A custom or third-party solution for logs is being used.
- B. The IAM role attached to the EC2 instance does not have the proper permissions.
- C. The CloudWatch agent does not support the operating system used.
- D. A billing constraint is limiting the number of CloudWatch Logs within this account.
- E. The EC2 instance is in a private subnet, and the VPC does not have a NAT gateway.
Correct answer: B, D
Explanation
The CloudWatch agent requires an attached IAM role with appropriate permissions (such as CloudWatchAgentServerPolicy) to successfully write logs to CloudWatch. Additionally, billing constraints or account-level limits can prevent new logs from being ingested into the service. Other options are incorrect because the successful installation of the agent rules out operating system incompatibility, and network routing or third-party software issues are not the primary causes described here.