Your company has a set of EC2 Instances defined in a VPC. They need to monitor the traffic flowing into the Instances. They also need to monitor all the AWS API calls occurring on the EC2 Instances. Which of the following services can help fulfill this requirement?

Answer options:

A.Amazon CloudWatch Logs and VPC Flow Logs
B.AWS CloudTrail and VPC Flow Logs
C.AWS CloudTrail and CloudWatch Logs
D.AWS CloudTrail and AWS Config

Answer – B
The AWS Documentation mentions the following.
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you`ve created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.
AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
Options A and C are invalid since CloudWatch Logs cannot capture traffic or API calls.
Option D is invalid because AWS Config cannot capture traffic.
For more information on VPC Flow logs, one can visit the below URL
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html
For more information on Cloudtrail, one can visit the below URL
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html