What is the likely cause of this issue?

Last Updated on September 15, 2021 by Admin 2

A VPC endpoint for Amazon CloudWatch Logs was recently added to a company’s VPC. The company’s system administrator has verified that private DNS is enabled and that the appropriate route tables and security groups have been updated. The role attached to the Amazon EC2 instance is:

SCS-C01 AWS Certified Security – Specialty Part 13 Q08 046

The CloudWatch Logs agent is running and attempting to write to a CloudWatch Logs stream in the same AWS account. However, no logs are being updated in CloudWatch Logs.

What is the likely cause of this issue?

  • The EC2 instance role is not allowing the appropriate Put actions.
  • The EC2 instance role policy is incorrect and should be changed to:

    SCS-C01 AWS Certified Security – Specialty Part 13 Q08 047
  • The CloudWatch Logs endpoint policy is not allowing the appropriate Put actions.
  • The CloudWatch Logs resource policy is not allowing the appropriate List actions.