71. VPC Flow Logs

VPC Flow Logs is a feature that captures information about the IP traffic going to and from network interfaces in a VPC. Flow log data is stored in CloudWatch Logs. After we create a flow log, we can view and retrieve its data in CloudWatch Logs.

Flow logs can be created at 3 levels:
i. VPC
ii. Subnet
iii. Network interface

i. We cannot enable flow logs for VPCs that are peered with our VPC unless the peer VPC is in our account.
ii. We can tag flow logs.
iii. After we have created a flow log, we cannot change its configuration. For example, we cannot associate a different IAM role with the flow log.

Not all IP traffic is monitored; the following is never captured:
i. Traffic generated by instances when they contact the default (Amazon-provided) DNS server. If you use your own DNS server, then all traffic to that DNS server is logged.
ii. Traffic generated by a Windows instance for Amazon Windows license activation.
iii. Traffic to and from 169.254.169.254 for instance metadata.
iv. DHCP traffic.
v. Traffic to the reserved IP address for the default VPC router.
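Added example (not from the original notes): a small parser for flow log records in the default 14-field format, run over constructed sample lines, that counts REJECT records per interface, source and destination port. The field order is assumed from the AWS default format; the sample records, account id and interface id are made up. Note that the excluded traffic listed above (for example to 169.254.169.254) never appears in these records, so detections for it need another data source.

```python
"""Parse VPC Flow Log records (default format) and summarise rejected traffic.

Assumption: the default 14-field record layout documented by AWS,
  version account-id interface-id srcaddr dstaddr srcport dstport
  protocol packets bytes start end action log-status
The sample records below are constructed for this example.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    action: str


def parse_record(line: str) -> Optional[FlowRecord]:
    """Return a FlowRecord for one default-format line, or None for NODATA /
    SKIPDATA records, whose traffic fields are '-' and carry no flow data."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    return FlowRecord(rec["interface_id"], rec["srcaddr"], rec["dstaddr"],
                      int(rec["srcport"]), int(rec["dstport"]), int(rec["protocol"]),
                      int(rec["packets"]), int(rec["bytes"]), rec["action"])


def rejected_flows(lines: Iterable[str]) -> Counter:
    """Count REJECT records keyed by (interface, source, dstport). One source
    rejected on many ports of the same interface is a useful triage signal."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is not None and rec.action == "REJECT":
            counts[(rec.interface_id, rec.srcaddr, rec.dstport)] += 1
    return counts


# Constructed sample records (made-up account id, interface id and addresses).
SAMPLE = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.20 44321 22 6 4 240 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.20 44322 23 6 4 240 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.20 198.51.100.7 51000 443 6 20 6000 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA",
]

if __name__ == "__main__":
    for key, n in rejected_flows(SAMPLE).items():
        print(key, n)
```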

Questions:
i. What is the purpose of VPC Flow Logs?
A. capture VPC error messages
B. capture IP traffic on network interfaces
C. monitor network performance
D. monitor netflow data from subnets
E. enable Syslog services for VPC
Answer (B)