A VPC endpoint for Amazon CloudWatch Logs was recently added to a company’s VPC. The company’s system administrator has verified that private DNS is enabled and that the appropriate route tables and security groups have been updated. The role attached to the Amazon EC2 instance is:
The CloudWatch Logs agent is running and attempting to write to a CloudWatch Logs stream in the same AWS account.
However, no logs are being updated in CloudWatch Logs.
What is the likely cause of this issue?
A. The EC2 instance role is not allowing the appropriate Put actions.
B. The EC2 instance role policy is incorrect and should be changed to:
C. The CloudWatch Logs endpoint policy is not allowing the appropriate Put actions.
D. The CloudWatch Logs resource policy is not allowing the appropriate List actions.
