Looking into the VPC flow logs documentation, it's mentioned ‘VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.’
Does this explicitly/strictly mean ‘IP traffic within VPC’? If I have a Lambda function in a subnet with a NAT Gateway (i.e. access to public internet) and the Lambda function gets an object from S3 (via public internet), would the outbound traffic flow from Lambda to S3 also get recorded in the VPC flow logs?
I hope someone from the Acloudguru team will answer this question.
Hi Deepak, API Gateway, Lambda and S3 are not VPC resources. Yes, you can create endpoints in VPC, but if you are using a serverless app you don’t need to. To see API Gateway logs you need to set up CloudWatch. For Lambda troubleshooting you can use CloudWatch and X-Ray. For S3 you can enable Amazon S3 Server Access Logging.
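A Lambda function configured for VPC access gets a network interface in its subnet, and flow logs record traffic to and from that interface regardless of where it is headed, so the question can be checked directly against the log. As an added example (not from the original thread or from A Cloud Guru), the parser below reads the default VPC Flow Log record format and returns the accepted flows that left a given interface for a public address, handling NODATA/SKIPDATA records whose traffic fields are '-'. The account id, ENI ids, addresses and log lines are constructed.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]

@dataclass
class Flow:
    interface_id: str
    srcaddr: ipaddress.IPv4Address | ipaddress.IPv6Address | None
    dstaddr: ipaddress.IPv4Address | ipaddress.IPv6Address | None
    dstport: int | None
    bytes: int
    action: str
    log_status: str

def parse_record(line: str) -> Flow:
    # NODATA / SKIPDATA records carry '-' in the traffic fields; map those to None.
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    addr = lambda v: None if v == "-" else ipaddress.ip_address(v)
    num = lambda v: None if v == "-" else int(v)
    return Flow(rec["interface_id"], addr(rec["srcaddr"]), addr(rec["dstaddr"]),
                num(rec["dstport"]), num(rec["bytes"]) or 0,
                rec["action"], rec["log_status"])

def egress_to_internet(records: list[str], eni: str) -> list[Flow]:
    """Accepted flows that left `eni` for a public (non-private, non-reserved) address."""
    out = []
    for line in records:
        f = parse_record(line)
        if f.log_status != "OK" or f.interface_id != eni or f.action != "ACCEPT":
            continue  # other interfaces, rejected traffic, and NODATA/SKIPDATA records
        if f.dstaddr is not None and f.dstaddr.is_global:
            out.append(f)
    return out

# Constructed sample records (fictitious account, ENIs and addresses).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 52.216.0.1 45312 443 6 12 3021 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 52.216.0.1 10.0.1.25 443 45312 6 30 41872 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 10.0.2.40 39914 5432 6 8 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0a1b2c3d4e5f60099 10.0.1.25 52.216.0.1 45312 443 6 12 3021 1700000000 1700000060 ACCEPT OK
""".splitlines()
```

Running `egress_to_internet(SAMPLE, "eni-0a1b2c3d4e5f60001")` returns only the first record: the return traffic, the intra-VPC flow to 10.0.2.40, the NODATA record and the other interface's flow are all left out.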