Exam ANS-C00 topic 1 question 338 discussion

Exam question from Amazon's ANS-C00
Question #: 338
Topic #: 1

An AWS account owner has set up multiple IAM users. One of these IAM users, named John, has CloudWatch access but no access to EC2 services. John has set up an alarm action that stops EC2 instances when their CPU utilization is below the threshold limit. When an EC2 instance's CPU utilization rate drops below the threshold John has set, what will happen and why?

  • A. Nothing will happen. John cannot set an alarm on EC2 since he does not have the permission.
  • B. CloudWatch will stop the instance when the action is executed.
  • C. Nothing will happen because it is not possible to stop the instance using the CloudWatch alarm.
  • D. Nothing will happen. John can set up the action, but it will not be executed because he does not have EC2 access through IAM policies.
Suggested Answer: D
Amazon CloudWatch alarms watch a single metric over a time period that the user specifies and perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The user can set up an action that stops instances when their CPU utilization is below a certain threshold for a certain period of time. The EC2 action can either terminate or stop the instance. If the IAM user has read/write permissions for Amazon CloudWatch but not for Amazon EC2, he can still create an alarm. However, the stop or terminate actions will not be performed on the Amazon EC2 instance.
Reference:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/UsingAlarmActions.html
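
The permission gap in the suggested answer can be checked before an alarm is relied on. The following is an added example, not part of the original question or the AWS documentation: a simplified identity-policy check showing that John can create the alarm while lacking the EC2 permission the stop action depends on. The policy document, the function names and the action-to-permission mapping are constructed for illustration, and only `Effect` and `Action` are evaluated.

```python
import fnmatch

# Constructed identity policy for the user "John": CloudWatch access, no EC2 access.
JOHN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*"},
    ],
}

# EC2 permission each alarm action depends on (assumed mapping for this scenario).
ALARM_ACTION_NEEDS = {"stop": "ec2:StopInstances", "terminate": "ec2:TerminateInstances"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policies, action):
    """Simplified IAM evaluation: explicit Deny wins, then any Allow, else implicit deny.
    Resource, Condition and NotAction are ignored in this sketch."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            patterns = _as_list(stmt.get("Action", []))
            # IAM action names are case-insensitive and accept * and ? wildcards.
            if any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


def audit_alarm_creator(policies, alarm_action):
    """Report whether the principal can create the alarm and whether it holds
    the EC2 permission that the chosen alarm action needs."""
    return {
        "can_create_alarm": is_allowed(policies, "cloudwatch:PutMetricAlarm"),
        "holds_ec2_permission": is_allowed(policies, ALARM_ACTION_NEEDS[alarm_action]),
    }


if __name__ == "__main__":
    print(audit_alarm_creator([JOHN_POLICY], "stop"))
```

A result with `can_create_alarm` true and `holds_ec2_permission` false is the situation answer D describes: the alarm exists, but the stop action is not performed.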

Comments

namirmatar
Highly Voted 3 years, 7 months ago
This might be an old question; the current best practice is to use a service-linked IAM role, AWSServiceRoleForCloudWatchEvents. The AWSServiceRoleForCloudWatchEvents IAM role enables AWS to perform alarm actions on your behalf.
upvoted 6 times
sapien45
3 years, 2 months ago
Excellent answer
upvoted 2 times
ChauPhan
Most Recent 3 years, 8 months ago
D. Nothing will happen. John can set up the action, but it will not be executed because he does not have EC2 access through IAM policies.
upvoted 4 times
sapien45
3 years, 2 months ago
Useless answer
upvoted 2 times