Guide: Understanding Amazon VPC Flow Logs

Amazon VPC Flow Logs is a feature provided by AWS that enables users to capture and inspect network traffic in their VPC. This tool can be used for a variety of purposes, including troubleshooting connectivity issues, monitoring network performance, and detecting unusual traffic patterns that could indicate a security concern.

With VPC Flow Logs, you can track all the IP traffic (both inbound and outbound) going to and from network interfaces in your VPC. The logs are stored in CloudWatch by default, but can be published to S3 for more flexibility and cost efficiency.

To create a flow log, navigate to the 'VPC Dashboard' on AWS, go to 'Your VPCs', select a VPC, go to the 'Flow Logs' tab and click on 'Create Flow Log'. You can decide what level of data to collect, where the flow log data is to be published and whether it should be in text or pcap format.

Why is it important?:
VPC Flow Logs provides visibility into your network, enables you to resolve network issues more swiftly and ensures compliance with internal policies and regulatory standards.

Exam Tips:
1. Be aware that Flow Logs data doesn't include real-time information. There is a small latency between capturing the traffic and when it appears in CloudWatch or S3.
2. Know that Flow Logs do not capture all IP traffic. Certain types of traffic, such as traffic generated by instances communicating with Amazon DNS servers is not logged.
3. Understand the basic structure of a flow log record and what each field represents. This can come in useful for questions asking you to interpret a given log record.
4. Remember that enabling VPC Flow Logs incurs additional charges to your AWS bill and can impact performance, so there are scenarios where they may not be the best solution.