You are the administrator for your company. You have set up Instances in a Custom VPC. You have set the Security groups and Network ACLs for the Instances and subnets respectively. The desired traffic is not reaching the instance. You need to diagnose the issue and see why the traffic is not reaching the instance. Which of the following would help in such a situation?

Answer options:

A.Usage of AWS CloudWatch logs
B.Usage of AWS VPC Flow logs
C.Usage of AWS Cloudtrail logs
D.Usage of AWS Trusted Advisor

Correct Answer: B
The AWS Documentation mentions the following.
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs and Amazon S3. After you`ve created a flow log, you can retrieve and view its data in the chosen destination.
Flow logs can help you with some tasks, for example, to troubleshoot why specific traffic is not reaching an instance, which helps you diagnose overly restrictive security group rules. You can also use flow logs as a security tool to monitor the traffic reaching your instance.
Option A is incorrect since this will not provide you with detailed traffic logs.
Option C is incorrect since this is an API monitoring tool.
Option D is incorrect since this can only provide you recommendations but not tell you why the traffic is being blocked.
For more information on VPC Flow Logs, please refer to the below URL-
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html