[AWS] Certified Developer Associate Dump 문제 003

A Developer is creating an Auto Scaling group whose instances need to publish a custom metric to Amazon CloudWatch.
Which method would be the MOST secure way to authenticate a CloudWatch PUT request?

 

A. Create an IAM user with PutMetricData permission and put the user credentials in a private repository; have applications pull the credentials as needed.

B. Create an IAM user with PutMetricData permission, and modify the Auto Scaling launch configuration to inject the user credentials into the instance user data.

C. Modify the CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group.

D. Create an IAM role with PutMetricData permission and modify the Auto Scaling launching configuration to launch instances using that role.

---

개발자가 사용자 지정 메트릭을 Amazon CloudWatch에 게시해야 하는 인스턴스의 자동 확장 그룹을 만들고 있다.

CloudWatch PUT 요청을 인증하는 가장 안전한 방법은?

A. PutMetricData 권한을 가진 IAM 사용자를 생성하고 사용자 자격 증명을 개인 저장소에 저장한 후 응용 프로그램에서 필요에 따라 자격 증명을 끌어오도록 하십시오.
B. PutMetricData 권한을 가진 IAM 사용자를 생성하고 사용자 자격 증명을 인스턴스 사용자 데이터에 삽입하도록 자동 스케일링 시작 구성을 수정하십시오.
C. 자동 확장 그룹의 인스턴스에 대한 PutMetricData 권한을 허용하도록 CloudWatch 메트릭 정책을 수정하십시오.
D. PutMetricData 권한으로 IAM 역할을 생성하고 자동 스케일링 시작 구성을 수정하여 해당 역할을 사용하여 인스턴스를 시작하십시오.

 

---

정답↓

D.

PutMetricData 권한으로 IAM 역할 생성

Create an IAM role with PutMetricData permission