Exam DOP-C02
Question 208

A company has deployed a complex container-based workload on AWS. The workload uses Amazon Managed Service for Prometheus for monitoring. The workload runs in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster in an AWS account.

The company’s DevOps team wants to receive workload alerts by using the company’s Amazon Simple Notification Service (Amazon SNS) topic. The SNS topic is in the same AWS account as the EKS cluster.

Which combination of steps will meet these requirements? (Choose three.)

    Correct Answer: B, C, D

    To meet the requirements of receiving workload alerts from the Amazon Managed Service for Prometheus to the Amazon SNS topic, follow these steps: First, create an alerting rule that checks the availability of each of the workload’s containers, ensuring the alerting mechanism triggers under the correct conditions. Then, create an alert manager configuration for the SNS topic to specify where the alerts should be sent. Finally, modify the access policy of the SNS topic to grant the aps.amazonaws.com service principal the sns:Publish and sns:GetTopicAttributes permissions, allowing Prometheus to interact with the SNS topic.
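The topic access policy from step D can be checked offline before it is attached. The audit below is an added example, not part of the original page or of AWS tooling: it confirms that `aps.amazonaws.com` is granted both actions named in the answer, and additionally flags a statement that is not pinned to one workspace with `aws:SourceArn` and `aws:SourceAccount` conditions. Those conditions are a hardening step beyond what the question asks, and the account ID, ARNs and function names are constructed placeholders.

```python
import fnmatch

AMP_PRINCIPAL = "aps.amazonaws.com"
REQUIRED_ACTIONS = ("sns:Publish", "sns:GetTopicAttributes")

def as_list(value):
    """IAM JSON accepts a single value or a list in most fields."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def condition_values(stmt, key):
    """Collect values for a condition key, ignoring operator and key case."""
    found = []
    for operands in stmt.get("Condition", {}).values():
        for name, value in operands.items():
            if name.lower() == key.lower():
                found += as_list(value)
    return found

def audit_topic_policy(policy, workspace_arn, account_id):
    """Return findings; an empty list means only this workspace may publish."""
    amp = [s for s in as_list(policy.get("Statement"))
           if s.get("Effect") == "Allow"
           and isinstance(s.get("Principal"), dict)
           and AMP_PRINCIPAL in as_list(s["Principal"].get("Service"))]
    if not amp:
        return ["no Allow statement for " + AMP_PRINCIPAL]
    findings = []
    granted = [a.lower() for s in amp for a in as_list(s.get("Action"))]
    for action in REQUIRED_ACTIONS:
        if not any(fnmatch.fnmatchcase(action.lower(), g) for g in granted):
            findings.append("missing action " + action)
    for s in amp:
        if workspace_arn not in condition_values(s, "aws:SourceArn"):
            findings.append("aws:SourceArn not pinned to the workspace")
        if account_id not in condition_values(s, "aws:SourceAccount"):
            findings.append("aws:SourceAccount not pinned to the account")
    return findings

# Constructed sample values (placeholders, not taken from the page).
ACCOUNT = "111122223333"
WORKSPACE = "arn:aws:aps:us-east-1:111122223333:workspace/ws-EXAMPLE"
TOPIC = "arn:aws:sns:us-east-1:111122223333:workload-alerts"
STMT = {"Effect": "Allow", "Principal": {"Service": AMP_PRINCIPAL},
        "Action": list(REQUIRED_ACTIONS), "Resource": TOPIC}
BARE = {"Version": "2012-10-17", "Statement": STMT}
SCOPED = {"Version": "2012-10-17", "Statement": {**STMT, "Condition": {
    "ArnEquals": {"aws:SourceArn": WORKSPACE},
    "StringEquals": {"AWS:SourceAccount": ACCOUNT}}}}
```

`audit_topic_policy(BARE, WORKSPACE, ACCOUNT)` reports the two missing conditions, while `SCOPED` returns no findings.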

Discussion
CloudHandsOn Options: BCE

I'll go with BC & E. I'm convinced that the Prometheus service role will need permissions added to push messages to the SNS topic.

that1guy Options: BCD

B, C, D, you need to grant the AMP Workspace access to the SQS queue via the SQS resource policy.

vn_thanhtung

https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html Agree with BCD

c3518fc Options: BCE

Amazon Managed Service for Prometheus uses an IAM role to assume permissions, not a service principal. https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-IAM-permissions.html

that1guy

This is incorrect. This is for users/tools to manage alerts, not to publish to SQS from AMP.

dkp Options: BCD

I'll go with BCD.

WhyIronMan Options: BCD

B, C, D. There is no way to exclude D, as it is really necessary as per all AWS documentation. You can be in doubt of all the others, but not D.

ogerber Options: BCE

https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alert-manager.html

trungtd Options: BCD

Agree with BCD

Gomer Options: BCD

B: (YES) Steps towards "configuring rules and the alert manager in Amazon Managed Service for Prometheus via the AWS management console." "define an alerting rule that causes the Alert Manager to send a notification if a certain condition (defined in expr) holds true for a specified time period (for)."

    cat << EOF > rules.yaml
    groups:
    [...]
      rules:
      - alert: metric:alerting_rule
        expr: rate(adot_test_counter0[5m]) > 0.014
        for: 5m
    EOF

C: (YES) Add "SNS receiver to" "alert manager configuration" using ARN of "SNS topic" (Q208.5)

D: (YES) "Give Amazon Managed Service for Prometheus permission to send messages to" SNS "Choose Access policy and add the following policy statement to the existing policy."

    [...]
    "Principal": { "Service": "aps.amazonaws.com" },
    "Action": [ "sns:Publish", "sns:GetTopicAttributes"

Gomer

https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-config.html
https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html
https://aws.amazon.com/blogs/mt/amazon-managed-service-for-prometheus-is-now-generally-available/

KaranNishad Options: BCD

BCD is the answer.

xdkonorek2 Options: BCD

https://docs.aws.amazon.com/prometheus/latest/userguide/Troubleshooting-alerting-no-policy.html

seetpt Options: BCE

BCE for me

L1_ Options: BCD

B: https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-APIReference-CreateAlertManagerAlerts.html
C: https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html
D: https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html

DanShone Options: BCD

BCD makes the most sense from the docs: https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html

Shasha1

BCD. According to this reference, D is for sure: https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver-AMPpermission.html

fdoxxx Options: ADE

Use the Amazon Managed Service for Prometheus remote write URL: You can configure Prometheus to send alerts to an external service, such as an SNS topic, by using the remote write URL. This URL can be obtained from Amazon Managed Service for Prometheus.

Modify the access policy of the SNS topic: Grant the aps.amazonaws.com service principal the necessary permissions (sns:Publish and sns:GetTopicAttributes) to publish to the SNS topic and get its attributes. This allows Amazon Managed Service for Prometheus to interact with the SNS topic.

Modify the IAM role that Amazon Managed Service for Prometheus uses: Grant the IAM role associated with Amazon Managed Service for Prometheus the necessary permissions (sns:Publish and sns:GetTopicAttributes) to interact with the SNS topic.

Options B, C, and F are not directly related to integrating Amazon Managed Service for Prometheus with Amazon SNS.

Jonalb Options: BCF

B. Create an alerting rule that checks the availability of each of the workload’s containers.

C/F. Given the options and AWS services' functionalities, a direct integration approach as described is not straightforward. However, understanding the need for configuration and permission settings, a combination of creating alerting rules (B) and configuring permissions correctly either through IAM roles or service accounts (F) seems most relevant. Implementing a custom solution or using third-party tools that can act as an intermediary might be necessary.

F. Create an OpenID Connect (OIDC) provider for the EKS cluster and configure permissions appropriately, which is a fundamental step in setting up Kubernetes services to interact with AWS services securely.

Jonalb

Answer: BCF