//
you're reading...

Which method would be the best way to authenticate your Cloud Watch PUT request?


You are creating an Auto Scaling group whose Instances need to insert a custom metric into Cloud Watch. Which method would
be the best way to authenticate your Cloud Watch PUT request?

A.
Create an IAM role with the Put Metric Data permission and modify the Auto Scaling launch configuration to launch instances
in that role

B.
Create an IAM user with the Put Metric Data permission and modify the Auto Scaling launch configuration to inject the users
credentials into the instance User Data

C.
Modify the appropriate Cloud Watch metric policies to allow the Put Metric Data permission to instances from the Auto Scaling
group

D.
Create an IAM user with the Put Metric Data permission and put the credentials in a private repository and have applications
on the server pull the credentials as needed

Discussion

5 Responses to “Which method would be the best way to authenticate your Cloud Watch PUT request?”

  1. raysmithvic1978 says:

    A

  2. JK says:

    A

    It is bad practice to use IAM user credentials in this situation and most certainly should not be storing these credentials in User Data or Code Repositories.

    Permissions should be granted to the EC2 IAM Role.

    http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#use-roles-with-ec2

  3. Ankit Shah says:

    A has to be A

  4. Nagarjuna D N says:

    A

Leave a Reply

Recent Comments