A company observes that a newly created Amazon CloudWatch alarm is not transitioning out of the INSUFFICIENT_DATA state. The alarm was created to track the mem_used_percent metric from an Amazon EC2 instance that is deployed in a public subnet.
A review of the EC2 instance shows that the unified CloudWatch agent is installed and is running. However, the metric is not available in CloudWatch. A SysOps administrator needs to implement a solution to resolve this problem.
Which solution will meet these requirements?
Objective:
Ensure the mem_used_percent metric from the EC2 instance is available in Amazon CloudWatch.
Root Cause:
The unified CloudWatch agent requires IAM permissions to publish custom metrics to CloudWatch.
If an IAM instance profile is not attached or is missing necessary permissions, the metric will not appear in CloudWatch.
Solution Implementation:
Step 1: Create an IAM role with the required permissions:
Use the AmazonCloudWatchAgentServerPolicy managed policy, which grants permissions for the CloudWatch agent to send metrics.
Step 2: Create an IAM instance profile for the role.
Step 3: Attach the instance profile to the EC2 instance.
Step 4: Restart the unified CloudWatch agent on the EC2 instance to apply the changes:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a stop
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a start
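Steps 1 to 3 as AWS CLI calls, run from an administrator's workstation; this is an added example, not part of the original answer. The role and profile names are hypothetical, the managed policy is referenced by its ARN arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy, and Step 4 is still run on the instance afterwards.

```bash
# Added example: Steps 1-3 with the AWS CLI. ROLE_NAME and PROFILE_NAME are
# hypothetical names, not values from the page.
set -eu

ROLE_NAME="${ROLE_NAME:-cw-agent-role}"
PROFILE_NAME="${PROFILE_NAME:-cw-agent-profile}"
POLICY_ARN="arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"  # AWS managed policy

# Trust policy: only the EC2 service may assume the role.
trust_policy() {
  cat <<'EOF'
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}
EOF
}

# Accept only well-formed instance IDs (i- plus 8 or 17 hex digits).
valid_instance_id() {
  case "$1" in *[!i0-9a-f-]*) return 1 ;; esac  # rejects spaces, newlines, quotes
  printf '%s\n' "$1" | grep -Eq '^i-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# Print the ARN of the profile already associated with the instance, if any.
attached_profile() {
  aws ec2 describe-iam-instance-profile-associations \
    --filters "Name=instance-id,Values=$1" \
    --query 'IamInstanceProfileAssociations[].IamInstanceProfile.Arn' \
    --output text
}

grant_agent_permissions() {
  valid_instance_id "$1" || { echo "invalid instance ID: $1" >&2; return 2; }
  existing=$(attached_profile "$1")
  if [ -n "$existing" ] && [ "$existing" != "None" ]; then
    echo "profile already attached, fix that role instead: $existing" >&2
    return 3
  fi
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)"                        # Step 1
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN"
  aws iam create-instance-profile --instance-profile-name "$PROFILE_NAME"  # Step 2
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME"
  aws iam wait instance-profile-exists --instance-profile-name "$PROFILE_NAME"
  aws ec2 associate-iam-instance-profile --instance-id "$1" \
    --iam-instance-profile "Name=$PROFILE_NAME"                            # Step 3
}

if [ "$#" -gt 0 ]; then grant_agent_permissions "$1"; fi  # run only when given an ID
```

If the instance already has a profile, the function stops with exit code 3 so the existing role can be given the missing permission rather than being replaced.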
AWS Reference:
Unified CloudWatch Agent Configuration: CloudWatch Agent Permissions
Why Other Options Are Incorrect:
Option A: Enabling detailed monitoring only collects predefined metrics; it does not affect custom metrics like mem_used_percent.
Option C: The subnet (public or private) does not affect the collection of metrics by the CloudWatch agent.
Option D: Using IAM user credentials is not a best practice for EC2 instances; instance profiles are the recommended method.