Home › AWS Security › cloudcomputing › scsloggingmon › A security engineer notices CloudWatch alarms ar…
A security engineer notices CloudWatch alarms aren't firing for an application metric. Which is the MOST LIKELY cause to check FIRST (per SCS-C02 §2.2)?
AThe application's IAM role lacks `cloudwatch:PutMetricData` (or the metric isn't being published at all)
BCloudWatch is offline globally
CAWS Snowball has been retired
DAmazon Route 53 is unhealthy
Answer & Solution
Correct answer: A. The application's IAM role lacks `cloudwatch:PutMetricData` (or the metric isn't being published at all)
Missing IAM permissions for metric publish is the canonical root cause (per SCS-C02 §2.2). The others are unrelated.
Related questions
Which AWS feature lets a security engineer aggregate AWS Config findings across all accounWhich AWS service streams logs in near-real-time to OpenSearch / S3 / Redshift / Splunk foWhich AWS service is BEST suited for monitoring Application Load Balancer access logs at pAn architect needs a CENTRALISED, immutable, write-once log archive across all AWS accountWhich CloudTrail feature lets a security engineer DETECT unusual API-call patterns (e.g. sWhich AWS service lets a security engineer query CloudWatch Logs with a purpose-built querWhich CloudWatch feature converts a regex pattern in log events into a metric — used to alWhich AWS service stores log data with subscription filters, metric filters, and integrati