
Exam AWS Certified Security - Specialty topic 1 question 248 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 248
Topic #: 1

A VPC endpoint for Amazon CloudWatch Logs was recently added to a company's VPC. The company's system administrator has verified that private DNS is enabled and that the appropriate route tables and security groups have been updated. The role attached to the Amazon EC2 instance is:

The CloudWatch Logs agent is running and attempting to write to a CloudWatch Logs stream in the same AWS account. However, no logs are being updated in CloudWatch Logs.
What is the likely cause of this issue?

  • A. The EC2 instance role is not allowing the appropriate Put actions.
  • B. The EC2 instance role policy is incorrect and should be changed to:
  • C. The CloudWatch Logs endpoint policy is not allowing the appropriate Put actions.
  • D. The CloudWatch Logs resource policy is not allowing the appropriate List actions.
Suggested Answer: C

Comments

vbal
Highly Voted 2 years, 10 months ago
The CloudWatch Logs endpoint policy is not allowing the appropriate Put actions.
upvoted 7 times
ITGURU51
2 years, 2 months ago
Also, the VPC endpoint uses a Logs endpoint policy to enable the desired permissions within AWS.
upvoted 1 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: C
CloudWatch endpoint policy is not allowing Put actions. The default endpoint policy is allow all, unless modified. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html#default-endpoint-policy Correct answer is C.
upvoted 1 times
ITGURU51
2 years, 2 months ago
To allow the CloudWatch Logs agent to write to a CloudWatch Logs stream, you should include permissions for the logs:PutLogEvents and logs:CreateLogStream actions in your endpoint policy. These actions allow the agent to create log streams and send logs to CloudWatch Logs. C
upvoted 1 times
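The endpoint-policy behaviour the two comments above describe (Raphaello: the default endpoint policy allows everything unless it was modified; ITGURU51: the agent needs logs:CreateLogStream and logs:PutLogEvents) as an added Python example, not code from the page or from AWS. The evaluator is a deliberately simplified model of IAM action matching (Effect, Action wildcards, explicit Deny wins); Principal, Resource and Condition evaluation are assumed away, and all three policies are constructed samples.

```python
import fnmatch
import json

# Actions the CloudWatch Logs agent needs to write to an existing log group
# (logs:CreateLogGroup would also be needed if the group does not exist yet).
AGENT_WRITE_ACTIONS = ["logs:CreateLogStream", "logs:PutLogEvents"]

# Constructed sample: the default policy AWS attaches to a new interface
# endpoint allows every action for every principal.
DEFAULT_ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
    ],
}

# Constructed sample: an endpoint policy narrowed to read-only actions. The
# agent's Put calls are not covered, so nothing reaches CloudWatch Logs even
# though DNS, routing, security groups and the instance role are all correct.
READ_ONLY_ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
                "logs:GetLogEvents",
            ],
            "Resource": "*",
        }
    ],
}

# Constructed sample: the corrected policy, still scoped to the logs service
# but including the write actions the agent uses.
WRITE_ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
            ],
            "Resource": "*",
        }
    ],
}


def _as_list(value):
    """IAM allows a single string or a list for Action; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action names are case-insensitive and support * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def action_allowed(policy, action):
    """Simplified evaluation of one action against an endpoint policy (assumption:
    only Effect and Action are considered). An explicit Deny always wins;
    otherwise at least one matching Allow is required."""
    allowed = False
    for stmt in policy.get("Statement", []):
        for pattern in _as_list(stmt.get("Action", [])):
            if _action_matches(pattern, action):
                if stmt.get("Effect") == "Deny":
                    return False
                if stmt.get("Effect") == "Allow":
                    allowed = True
    return allowed


def missing_agent_actions(policy):
    """Return the agent write actions the endpoint policy does not allow."""
    return [a for a in AGENT_WRITE_ACTIONS if not action_allowed(policy, a)]


def diagnose(policy):
    """Human-readable verdict for the troubleshooting step in the question."""
    missing = missing_agent_actions(policy)
    if not missing:
        return "endpoint policy allows agent writes; check instance role, DNS, routes, SGs"
    return "endpoint policy blocks: " + ", ".join(missing)


if __name__ == "__main__":
    for name, policy in [("default", DEFAULT_ENDPOINT_POLICY),
                         ("read-only", READ_ONLY_ENDPOINT_POLICY),
                         ("write", WRITE_ENDPOINT_POLICY)]:
        print(f"{name}: {diagnose(policy)}")
        print(json.dumps(policy["Statement"][0]["Action"]))
```

On a real endpoint the policy document to feed into `diagnose` comes from the endpoint's PolicyDocument attribute; the point of the check is that an endpoint policy which was tightened after creation can silently drop the agent's PutLogEvents calls while every other part of the path looks healthy.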
Mimikabs
2 years, 6 months ago
Selected Answer: C
The CloudWatch Logs endpoint policy is not allowing the appropriate Put actions.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other