Question 24
Domain 4: Monitoring and Logging
A company has deployed a complex container-based workload on AWS. The workload uses Amazon Managed Service for Prometheus for monitoring. The workload runs in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster in an AWS account. The company’s DevOps team wants to receive workload alerts by using the company’s Amazon Simple Notification Service (Amazon SNS) topic. The SNS topic is in the same AWS account as the EKS cluster. Which combination of steps will meet these requirements? (Choose three.)
Correct answer: D
Explanation
Amazon Managed Service for Prometheus can evaluate alert rules and send notifications through Alertmanager, and SNS can be used as the notification target in the same AWS account. The workload runs in an Amazon EKS cluster, so the needed steps are to configure Prometheus alerting, connect Alertmanager to the SNS topic, and grant the required IAM permissions for publishing to SNS.
Why each option is right or wrong
A. Create an alerting rule that checks the availability of each of the workload’s containers.
Alert rules detect problems, but alone they do not deliver notifications to SNS.
B. Create an alert manager configuration for the SNS topic.
Alertmanager handles routing, but it still needs alert rules and SNS access permissions.
C. Modify the access policy of the SNS topic. Grant the aps.amazonaws.com service principal the sns:Publish permission and the sns:GetTopicAttributes permission for the SNS topic.
SNS permissions enable publishing, but without rules and Alertmanager nothing triggers or routes alerts.
D. All of the above
Each of the listed options is a valid answer; all are needed.