
DOP-C02 Exam - Question 208


A company has deployed a complex container-based workload on AWS. The workload uses Amazon Managed Service for Prometheus for monitoring. The workload runs in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster in an AWS account.

The company’s DevOps team wants to receive workload alerts by using the company’s Amazon Simple Notification Service (Amazon SNS) topic. The SNS topic is in the same AWS account as the EKS cluster.

Which combination of steps will meet these requirements? (Choose three.)

Correct Answer: BCD

To deliver workload alerts from Amazon Managed Service for Prometheus to the Amazon SNS topic, follow these steps. First, create an alerting rule that checks the availability of each of the workload’s containers, so that the alerting mechanism triggers under the correct conditions. Then, create an alert manager configuration for the SNS topic to specify where the alerts should be sent. Finally, modify the access policy of the SNS topic to grant the aps.amazonaws.com service principal the sns:Publish and sns:GetTopicAttributes permissions, which allows Prometheus to interact with the SNS topic.
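An added example, not part of the original page or of AWS's documentation: a Python check of an SNS topic access policy against the grant described in the answer above (aps.amazonaws.com with sns:Publish and sns:GetTopicAttributes). It goes one step beyond the page by also flagging a grant that carries no aws:SourceAccount or aws:SourceArn condition; the ARNs, account ID and function names are constructed for illustration.

```python
REQUIRED = ("sns:Publish", "sns:GetTopicAttributes")
AMP = "aps.amazonaws.com"
SCOPE_KEYS = {"aws:sourceaccount", "aws:sourcearn"}  # confused-deputy guards

def as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def grants(patterns, action):
    # IAM action names are case-insensitive; honour "*" and "sns:*" wildcards.
    return bool({p.lower() for p in patterns} & {action.lower(), "sns:*", "*"})

def audit_topic_policy(policy, topic_arn):
    """Return findings for the AMP grant on topic_arn; [] means present and scoped."""
    granted, unscoped = set(), False
    for st in as_list(policy.get("Statement")):
        principal = st.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or AMP not in services:
            continue
        if not {topic_arn, "*"} & set(as_list(st.get("Resource"))):
            continue
        hit = {a for a in REQUIRED if grants(as_list(st.get("Action")), a)}
        granted |= hit
        cond_keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        if hit and not cond_keys & SCOPE_KEYS:
            unscoped = True
    findings = [f"missing {a} for {AMP}" for a in REQUIRED if a not in granted]
    if unscoped:
        findings.append("grant not scoped by aws:SourceAccount or aws:SourceArn")
    return findings

# Constructed sample values (placeholder account, topic and workspace IDs).
TOPIC = "arn:aws:sns:us-east-1:111122223333:workload-alerts"
WORKSPACE = "arn:aws:aps:us-east-1:111122223333:workspace/ws-EXAMPLE"

def amp_policy(actions, condition=None):
    st = {"Effect": "Allow", "Principal": {"Service": AMP},
          "Action": actions, "Resource": TOPIC}
    if condition:
        st["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [st]}

AS_ON_PAGE = amp_policy(list(REQUIRED))   # the grant exactly as the answer states it
PUBLISH_ONLY = amp_policy("sns:Publish")  # sns:GetTopicAttributes forgotten
SCOPED = amp_policy(list(REQUIRED), {
    "ArnEquals": {"aws:SourceArn": WORKSPACE},
    "StringEquals": {"aws:SourceAccount": "111122223333"}})

if __name__ == "__main__":
    for name in ("AS_ON_PAGE", "PUBLISH_ONLY", "SCOPED"):
        print(name, audit_topic_policy(globals()[name], TOPIC))
```

A policy with no statement for the service principal at all reports both actions as missing.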

Discussion

17 comments
CloudHandsOn Options: BCE
Mar 24, 2024

I'll go with BC & E. I'm convinced that the Prometheus service role will need permissions added to push messages to the SNS topic.

ogerber Options: BCE
Mar 19, 2024

https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alert-manager.html

WhyIronMan Options: BCD
Mar 30, 2024

B, C, D. There is no way to exclude D, as it is really necessary as per all the AWS documentation. You can be in doubt about all the others, but not D.

dkp Options: BCD
Apr 13, 2024

I'll go with BCD.

c3518fc Options: BCE
Apr 26, 2024

Amazon Managed Service for Prometheus uses an IAM role to assume permissions, not a service principal. https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-IAM-permissions.html

that1guy
May 13, 2024

This is incorrect. This is for users/tools to manage alerts, not to publish to SQS from AMP.

that1guy Options: BCD
May 13, 2024

B, C, D, you need to grant the AMP Workspace access to the SQS queue via the SQS resource policy.

vn_thanhtung
May 21, 2024

https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html Agree with BCD

Jonalb
Mar 1, 2024

Answer: BCF

Jonalb Options: BCF
Mar 1, 2024

B. Create an alerting rule that checks the availability of each of the workload’s containers.

C/F. Given the options and AWS services' functionalities, a direct integration approach as described is not straightforward. However, understanding the need for configuration and permission settings, a combination of creating alerting rules (B) and configuring permissions correctly either through IAM roles or service accounts (F) seems most relevant. Implementing a custom solution or using third-party tools that can act as an intermediary might be necessary.

F. Create an OpenID Connect (OIDC) provider for the EKS cluster and configure permissions appropriately, which is a fundamental step in setting up Kubernetes services to interact with AWS services securely.

fdoxxx Options: ADE
Mar 3, 2024

Use the Amazon Managed Service for Prometheus remote write URL: You can configure Prometheus to send alerts to an external service, such as an SNS topic, by using the remote write URL. This URL can be obtained from Amazon Managed Service for Prometheus.

Modify the access policy of the SNS topic: Grant the aps.amazonaws.com service principal the necessary permissions (sns:Publish and sns:GetTopicAttributes) to publish to the SNS topic and get its attributes. This allows Amazon Managed Service for Prometheus to interact with the SNS topic.

Modify the IAM role that Amazon Managed Service for Prometheus uses: Grant the IAM role associated with Amazon Managed Service for Prometheus the necessary permissions (sns:Publish and sns:GetTopicAttributes) to interact with the SNS topic.

Options B, C, and F are not directly related to integrating Amazon Managed Service for Prometheus with Amazon SNS.

Shasha1
Mar 14, 2024

BCD. According to this reference, D is for sure: https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html

DanShone Options: BCD
Mar 16, 2024

BCD makes the most sense from the docs: https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html

L1_ Options: BCD
Mar 17, 2024

B: https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-APIReference-CreateAlertManagerAlerts.html
C: https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html
D: https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html

seetpt Options: BCE
May 2, 2024

BCE for me

xdkonorek2 Options: BCD
Jun 22, 2024

https://docs.aws.amazon.com/prometheus/latest/userguide/Troubleshooting-alerting-no-policy.html

KaranNishad Options: BCD
Jun 29, 2024

BCD is the answer.

Gomer Options: BCD
Jul 9, 2024

B:(YES) Steps towards "configuring rules and the alert manager in Amazon Managed Service for Prometheus via the AWS management console." "define an alerting rule that causes the Alert Manager to send a notification if a certain condition (defined in expr) holds true for a specified time period (for)."

    cat << EOF > rules.yaml
    groups:
    [...]
      rules:
      - alert: metric:alerting_rule
        expr: rate(adot_test_counter0[5m]) > 0.014
        for: 5m
    EOF

C:(YES) Add "SNS receiver to" "alert manager configuration" using ARN of "SNS topic"(Q208.5)

D:(YES) "Give Amazon Managed Service for Prometheus permission to send messages to" SNS "Choose Access policy and add the following policy statement to the existing policy."

    [...]
    "Principal": { "Service": "aps.amazonaws.com" },
    "Action": [
      "sns:Publish",
      "sns:GetTopicAttributes"

Gomer
Jul 9, 2024

https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-config.html
https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html
https://aws.amazon.com/blogs/mt/amazon-managed-service-for-prometheus-is-now-generally-available/

trungtd Options: BCD
Jul 11, 2024

Agree with BCD