Looking into the VPC Flow Logs documentation, it's mentioned: ‘VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.’
Does this explicitly/strictly mean ‘IP traffic within the VPC’? If I have a Lambda function in a subnet with a NAT Gateway (i.e. access to the public internet) and the Lambda function gets an object from S3 (via the public internet), would the outbound traffic flow from Lambda to S3 also get recorded in the VPC flow logs?
I hope someone from the Acloudguru team will answer this question.
Hi Deepak, API Gateway, Lambda and S3 are not VPC resources. Yes, you can create endpoints in a VPC, but if you are using a serverless app you don't need to. To see API Gateway logs you need to set up CloudWatch. For Lambda troubleshooting you can use CloudWatch and X-Ray. For S3 you can enable Amazon S3 Server Access Logging.
FYI – this was one of the answer choices in a test and I need to understand this to select the correct answers. The underlying question was ‘how to find the root cause of an HTTP 504 error returned by API Gateway that integrates with Lambda. Lambda accesses S3’. One of the right answers was to use X-Ray, as per https://docs.aws.amazon.com/lambda/latest/dg/troubleshooting.html. I am trying to understand if VPC Flow Logs are also useful for finding the root cause.
Thanks for the clarification Deepak. My first thought was the answer should be VPC Flow Logs. However, X-Ray makes more sense as a native debugging tool.
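The empirical way to settle the question asked at the top of this thread is to look at what the flow log actually contains for the network interface the function is attached to. The script below is an added example, not code from this thread, from A Cloud Guru or from AWS: it parses records in the default (version 2, 14-field) VPC Flow Log format and summarises the flows on one ENI for one port. The ENI IDs, addresses, byte counts and timestamps are constructed sample data, and the assumption that a private source address means an outbound flow is a heuristic, not something the record format guarantees. Flow logs only record accepted and rejected flows with packet and byte counts at the interface, so a REJECT on port 443 would be visible here, but slow responses from the far end would not be.

```python
"""Summarise default-format VPC Flow Log records for one network interface."""
import ipaddress

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]
NUMERIC = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample records (not real traffic). eni-0aaa... stands in for the
# hypothetical ENI a VPC-attached function would use; eni-0bbb... is another
# interface in the same subnet. 52.216.100.10 is a placeholder public address.
SAMPLE_LOG = """\
2 123456789012 eni-0aaa111122223333a 10.0.1.25 52.216.100.10 49152 443 6 20 4000 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0aaa111122223333a 52.216.100.10 10.0.1.25 443 49152 6 18 131072 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0aaa111122223333a 10.0.1.25 52.216.100.10 49153 443 6 1 60 1418530010 1418530070 REJECT OK
2 123456789012 eni-0aaa111122223333a - - - - - - - 1418530070 1418530130 - NODATA
2 123456789012 eni-0bbb444455556666b 10.0.1.40 52.216.100.10 49152 443 6 20 4000 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0bbb444455556666b 52.216.100.10 10.0.1.40 443 49152 6 18 131072 1418530010 1418530070 ACCEPT OK
"""


def parse_record(line):
    """Split one space-separated record into a dict; '-' fields become None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for name in NUMERIC:
        rec[name] = None if rec[name] == "-" else int(rec[name])
    return rec


def parse_log(text):
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def summarize_eni(records, eni_id, port=None):
    """Count ACCEPT/REJECT flows on one ENI where either side uses `port`.

    NODATA/SKIPDATA records carry no addresses, so they are only counted.
    Direction is inferred from whether the source address is private
    (assumption: the ENI's own address is private, the S3 endpoint is not).
    """
    summary = {"ACCEPT": 0, "REJECT": 0, "bytes_out": 0, "bytes_in": 0,
               "peers": set(), "status": {}}
    for rec in records:
        if rec["interface_id"] != eni_id:
            continue
        if rec["log_status"] != "OK":
            summary["status"][rec["log_status"]] = summary["status"].get(rec["log_status"], 0) + 1
            continue
        if port is not None and port not in (rec["srcport"], rec["dstport"]):
            continue
        outbound = ipaddress.ip_address(rec["srcaddr"]).is_private
        summary["peers"].add(rec["dstaddr"] if outbound else rec["srcaddr"])
        summary[rec["action"]] += 1
        if rec["action"] == "ACCEPT":
            summary["bytes_out" if outbound else "bytes_in"] += rec["bytes"]
    return summary


def verdict(summary):
    """One-line reading of the summary for a quick triage."""
    if summary["ACCEPT"] == 0 and summary["REJECT"] == 0:
        return "no flows on this port for this ENI in the window"
    if summary["REJECT"]:
        return f"{summary['REJECT']} rejected flow(s): check security group / NACL egress"
    return "flows accepted; latency or application errors will not show here"


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    s = summarize_eni(recs, "eni-0aaa111122223333a", port=443)
    print(s)
    print(verdict(s))
```

Point the script at an exported flow-log file (CloudWatch Logs or S3 delivery) and the ENI you are investigating; if the ENI in question never appears, that is itself the answer to whether the traffic is being captured.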