Which solution will meet these requirements?
Enable CloudWatch detailed monitoring for the EC2 instance
Create an IAM instance profile that contains CloudWatch permissions. Add the instance profile to the EC2 instance
Migrate the EC2 instance into a private subnet
Create an IAM user that has an access key ID and a secret access key. Update the unified CloudWatch agent configuration file to use those credentials
Explanations:
Enabling CloudWatch detailed monitoring increases the frequency of data points collected but does not directly affect the collection of custom metrics like mem_used_percent. The CloudWatch agent must be properly configured to publish this metric.
Creating an IAM instance profile with the necessary CloudWatch permissions allows the unified CloudWatch agent to publish custom metrics, such as mem_used_percent, to CloudWatch. Without these permissions, the agent cannot send data.
Migrating the EC2 instance to a private subnet does not resolve the issue with the metric not being available in CloudWatch. The metric availability is determined by the CloudWatch agent’s configuration and permissions, not the subnet location.
Although putting IAM user credentials in the CloudWatch agent configuration might allow the agent to send metrics, it is not best practice compared with using an IAM instance profile. Keeping an access key ID and secret access key in the configuration file can lead to security vulnerabilities, and it does not solve the underlying issue of proper permissions.