Create Customized Cross-Account Cross-Region Dashboards Permissions

Correct Answer: D.

Cloudwatch:PutDashboard API is used for creating or modifying dashboards.

Since the Operations Team can view dashboards, they already have permission for cloudwatch:GetDashboard and cloudwatch:ListDashboards.

Additional Sysops administrator has to provide permission to cloudwatch:PutDashboard API to create customized cross-account cross-regions dashboards.

Options A & B are incorrect as with these APIs, users will only be able to view dashboards.

Option C is incorrect as this is an invalid API for creating dashboards.

For more information on creating dashboards with Amazon CloudWatch, refer to the following URL,

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Dashboards.html

The correct answer to this question is C. Create a custom policy having permission to cloudwatch:createDashboard API.

Explanation: To create customized cross-account cross-region dashboards in Amazon CloudWatch, the operations team members need permission to create dashboards using the cloudwatch:createDashboard API. Therefore, the Sysops administrator should create a custom policy granting this permission.

Option A, creating a custom policy with permission to cloudwatch:GetDashboard API, would allow the operations team to view existing dashboards, but not create new ones.

Option B, creating a custom policy with permission to cloudwatch:ListDashboard API, would allow the operations team to list the existing dashboards, but not create new ones.

Option D, creating a custom policy with permission to cloudwatch:PutDashboard API, would allow the operations team to create and update dashboards, but only within the same account and region. This permission does not allow for cross-account or cross-region dashboard creation.

Therefore, the correct permission to suffice the requirements of the operations team is to create a custom policy having permission to cloudwatch:createDashboard API.