Amazon Exam SOA-C02 Topic 5 Question 112 Discussion

Actual exam question for Amazon's SOA-C02 exam

Question #: 112
Topic #: 5

A company observes that a newly created Amazon CloudWatch alarm is not transitioning out of the INSUFFICIENT_DATA state. The alarm was created to track the mem_used_percent metric from an Amazon EC2 instance that is deployed in a public subnet.

A review of the EC2 instance shows that the unified CloudWatch agent is installed and is running. However, the metric is not available in CloudWatch. A SysOps administrator needs to implement a solution to resolve this problem

Which solution will meet these requirements?

AEnable CloudWatch detailed monitoring for the EC2 instance.

BCreate an 1AM instance profile that contains CloudWatch permissions. Add the instance profile to the EC2 instance.

CMigrate the EC2 instance into a private subnet

DCreate an 1AM user that has an access key ID and a secret access key. Update the unified CloudWatch agent configuration file to use those credentials.

Show Suggested Answer

Suggested Answer: B

Objective:

Ensure the mem_used_percent metric from the EC2 instance is available in Amazon CloudWatch.

Root Cause:

The unified CloudWatch agent requires IAM permissions to publish custom metrics to CloudWatch.

If an IAM instance profile is not attached or is missing necessary permissions, the metric will not appear in CloudWatch.

Solution Implementation:

Step 1: Create an IAM role with the required permissions:

Use the AmazonCloudWatchAgentServerPolicy managed policy, which grants permissions for the CloudWatch agent to send metrics.

Step 2: Create an IAM instance profile for the role.

Step 3: Attach the instance profile to the EC2 instance.

Step 4: Restart the unified CloudWatch agent on the EC2 instance to apply the changes:

bash

Copy code

sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a stop

sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a start

AWS Reference:

Unified CloudWatch Agent Configuration: CloudWatch Agent Permissions

Why Other Options Are Incorrect:

Option A: Enabling detailed monitoring only collects predefined metrics; it does not affect custom metrics like mem_used_percent.

Option C: The subnet (public or private) does not affect the collection of metrics by the CloudWatch agent.

Option D: Using IAM user credentials is not a best practice for EC2 instances; instance profiles are the recommended method.

by Ronnie at Mar 06, 2025, 03:08 PM

Limited Time Offer

25%

Off

Get Premium SOA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Bronwyn

6 days ago

I bet the engineer who set this up was on a coffee break. All they had to do was add the right permissions, but they went and made it a whole thing. Classic.

upvoted 0 times

...

Wayne

12 days ago

A public subnet? That's just asking for trouble! I'd say C is the way to go. Migrate that instance to a private subnet and watch the metric start flowing.

upvoted 0 times

...

Kerrie

15 days ago

I'm not sure, but migrating the EC2 instance into a private subnet could potentially solve the issue.

upvoted 0 times

...

Linn

25 days ago

Nah, I'd go with D. Updating the agent config to use IAM credentials is the way to go. Much simpler than messing with subnets or enabling detailed monitoring.

upvoted 0 times

Valda

11 hours ago

A) Enable CloudWatch detailed monitoring for the EC2 instance.

upvoted 0 times

...

Ty

5 days ago

Yeah, that sounds like the most straightforward solution.

upvoted 0 times

...

Celeste

6 days ago

D) Create an IAM user that has an access key ID and a secret access key. Update the unified CloudWatch agent configuration file to use those credentials.

upvoted 0 times

...

Vince

28 days ago

Hmm, I think the correct answer is B. Adding an IAM instance profile with CloudWatch permissions should do the trick. The agent is already installed, so it just needs the right permissions to access CloudWatch.

upvoted 0 times

Vilma

11 days ago

Yes, that makes sense. Adding an IAM instance profile with CloudWatch permissions should resolve the issue.

upvoted 0 times

...

Gerald

12 days ago

I agree, option B seems like the right solution. The instance just needs the proper permissions to access CloudWatch.

upvoted 0 times

...

Stephanie

29 days ago

I disagree, I believe creating an 1AM instance profile with CloudWatch permissions and adding it to the EC2 instance is the way to go.

upvoted 0 times

...

Gregoria

1 months ago

I think the solution is to enable CloudWatch detailed monitoring for the EC2 instance.

upvoted 0 times

...