A Developer is creating an Auto Scaling group whose instances need to publish a custom metric to Amazon CloudWatch. Which method would be the MOST secure way to authenticate a CloudWatch PUT request?
A) Create an IAM user with PutMetricData permission and put the user credentials in a private repository; have applications pull the credentials as needed.
B) Create an IAM user with PutMetricData permission, and modify the Auto Scaling launch configuration to inject the user credentials into the instance user data.
C) Modify the CloudWatch metric policies to allow the PutMetricData permission to instances from the Auto Scaling group.
D) Create an IAM role with PutMetricData permission and modify the Auto Scaling launching configuration to launch instances using that role.

Question

Quizplus · Accepted Answer

Using an IAM role with the necessary permissions and associating it with the instances ensures that temporary credentials are securely provided to the instances, avoiding the need to hard-code or manually manage credentials.

A Developer Is Creating an Auto Scaling Group Whose Instances