What should a SysOps administrator do to meet these requirements?
Configure CloudWatch from the AWS Management Console for all the instances that require monitoring by CloudWatch. AWS automatically installs and configures the agents for the specified instances.
Install and configure the CloudWatch agent on all the instances. Attach an IAM role to allow the instances to write logs to CloudWatch.
Install and configure the CloudWatch agent on all the instances. Attach an IAM user to allow the instances to write logs to CloudWatch.
Install and configure the CloudWatch agent on all the instances. Attach the necessary security groups to allow the instances to write logs to CloudWatch.
Explanations:
AWS does not automatically install and configure the CloudWatch agent. Manual installation and configuration of the CloudWatch agent is required to monitor memory utilization and disk space.
To track memory utilization and disk space, you must install the CloudWatch agent and configure it on the instances. An IAM role is required to grant the instances permissions to send data to CloudWatch.
An IAM user is not appropriate for allowing EC2 instances to write logs to CloudWatch. IAM roles should be used for EC2 instances, not IAM users.
Security groups control network access, not permissions for writing logs to CloudWatch. An IAM role, not a security group, should be used for this purpose.
I estimate that the answer is:
Install and configure the CloudWatch agent on all the instances. Attach an IAM role to allow the instances to write logs to CloudWatch.
I value that the answer is:
Install and configure the CloudWatch agent on all the instances. Attach an IAM role to allow the instances to write logs to CloudWatch.