Question #608
A developer manages a legacy application hosted on-premises, which is critical for several AWS-based applications. To ensure optimal performance, the developer needs to collect metrics from the on-premises application and monitor all systems centrally using Amazon CloudWatch. What should the developer do to achieve this?
Install the CloudWatch Logs Agent on the on-premises server and configure it to publish logs directly to CloudWatch using AWS access keys.
Deploy the CloudWatch agent on the on-premises server and configure it with IAM role credentials that grant permissions to publish metrics to CloudWatch.
Set up Amazon Kinesis Data Firehose to stream metrics from the on-premises server to an S3 bucket, then configure CloudWatch to read from the bucket.
Configure the on-premises server to send metrics to an Amazon EC2 instance running a custom script, which forwards the data to CloudWatch.
Explanation
Answer B is correct because the CloudWatch agent is the proper tool to collect metrics from on-premises servers. While IAM roles cannot be directly assigned to on-premises servers, the agent can be configured with IAM user credentials (access keys) that grant permissions to publish metrics to CloudWatch. The question's phrasing about 'IAM role credentials' is misleading but refers to the required permissions.
Option A is incorrect because the CloudWatch Logs Agent only handles logs, not metrics. Option C is overly complex and does not directly publish metrics to CloudWatch. Option D introduces unnecessary complexity by routing through an EC2 instance. The key takeaway is that the CloudWatch agent is required for metrics, and IAM credentials (via a user) must be configured for on-premises systems.
Answer
The correct answer is: B