Monitoring Traffic to EC2 Instances | Exam ANS-C01: AWS Certified Advanced Networking - Specialty | Provider: Amazon

Traffic Monitoring for EC2 Instances


Question

Which of the following can be used to monitor the traffic that is reaching your EC2 instances?

Answers

Explanations


A. B. C. D.

Answer - C.

The AWS documentation mentions the following.

Flow logs can help you with a number of tasks; for example, to troubleshoot why specific traffic is not reaching an instance, which in turn can help you diagnose overly restrictive security group rules.

You can also use flow logs as a security tool to monitor the traffic that is reaching your instance.

For more information on VPC Flow Logs, please refer to the link below:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html

The correct answer is C. VPC Flow Logs.

VPC Flow Logs can be used to monitor the traffic that is reaching your EC2 instances. VPC Flow Logs capture information about the IP traffic going to and from network interfaces in a VPC. This includes information such as source and destination IP addresses, ports, protocols, and the amount of data transferred. VPC Flow Logs can be created for a VPC, a subnet, or a network interface.
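As an added example (not part of the original explanation or the AWS documentation), the following Python parser reads records in the default version 2 flow log format, summarises inbound traffic to one instance, and isolates the REJECT records that point to an overly restrictive security group or network ACL rule. The sample records, IP addresses, account ID and ENI ID are constructed.

```python
from collections import Counter, namedtuple

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
FlowRecord = namedtuple("FlowRecord", FIELDS)

# Constructed sample records (documentation IP ranges, made-up account and ENI IDs).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.1.25 49152 443 6 12 4310 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.9 10.0.1.25 51515 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.9 10.0.1.25 51516 22 6 2 120 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.25 198.51.100.7 443 49152 6 10 9800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1700000120 1700000180 - NODATA
"""

def parse(text):
    """Yield FlowRecord tuples, skipping NODATA/SKIPDATA and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[-1] != "OK":
            continue
        yield FlowRecord(*parts)

def inbound_summary(text, instance_ip):
    """Sum packets per (source, destination port, action) for traffic sent to instance_ip."""
    counts = Counter()
    for r in parse(text):
        if r.dstaddr == instance_ip:
            counts[(r.srcaddr, int(r.dstport), r.action)] += int(r.packets)
    return counts

def rejected_inbound(text, instance_ip):
    """Inbound flows that a security group or network ACL blocked."""
    summary = inbound_summary(text, instance_ip)
    return {key: pkts for key, pkts in summary.items() if key[2] == "REJECT"}

if __name__ == "__main__":
    for (src, port, action), pkts in sorted(inbound_summary(SAMPLE, "10.0.1.25").items()):
        print(f"{src:>15} -> :{port:<5} {action:<6} packets={pkts}")
```
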

Security groups and NACLs are used to control the traffic that is allowed in and out of your EC2 instances, but they do not provide monitoring capabilities. Security groups act as virtual firewalls, controlling inbound and outbound traffic based on rules that you define. NACLs are used to control traffic at the subnet level, allowing you to specify rules for inbound and outbound traffic.

Subnet Flow Logs are not a valid AWS service or feature. Therefore, this option is incorrect.

In summary, VPC Flow Logs can be used to monitor the traffic that is reaching your EC2 instances, and they capture information about the IP traffic going to and from network interfaces in a VPC.