
Explanation:
To publish VPC flow logs to Amazon CloudWatch Logs, the service requires an IAM role whose policy grants it specific permissions on CloudWatch Logs. Specifically, the role needs logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents, logs:DescribeLogGroups, and logs:DescribeLogStreams. If the logs:CreateLogGroup permission is missing and the log group does not already exist, creating the flow log (and publishing to it) fails.
The logs:CreateExportTask permission (the CreateExportTask API) is used to export log data from CloudWatch Logs to Amazon S3; it plays no part in publishing VPC flow logs to CloudWatch Logs.
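As an added example (not part of this question page), the following Python checker reads an IAM policy document, such as the permissions policy attached to the flow log role, and reports which of the five required logs: actions it does not grant, so a missing logs:CreateLogGroup shows up before the flow log is created. The function name and the sample policy are constructed for illustration, and the checker assumes only Effect and Action/NotAction matter, ignoring Resource and Condition.

```python
import fnmatch
import json

# The five actions the flow-log role needs (listed in the explanation above).
REQUIRED_ACTIONS = (
    "logs:CreateLogGroup",
    "logs:CreateLogStream",
    "logs:PutLogEvents",
    "logs:DescribeLogGroups",
    "logs:DescribeLogStreams",
)


def _as_list(value):
    """IAM allows Action/NotAction/Statement to be a single item or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _matches(pattern, action):
    """IAM action names match case-insensitively and support * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def missing_flow_log_permissions(policy_document):
    """Return the required actions this policy does not grant, in REQUIRED_ACTIONS order.
    Assumption of this example: only Effect and Action/NotAction are evaluated (Resource
    and Condition are ignored); an explicit Deny wins over any Allow, as in IAM."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    allowed, denied = set(), set()
    for stmt in _as_list(doc.get("Statement")):
        if "Action" in stmt:
            patterns = _as_list(stmt["Action"])
            covered = {a for a in REQUIRED_ACTIONS if any(_matches(p, a) for p in patterns)}
        else:  # NotAction: the statement applies to every action that is NOT listed
            patterns = _as_list(stmt.get("NotAction"))
            covered = {a for a in REQUIRED_ACTIONS if not any(_matches(p, a) for p in patterns)}
        (allowed if stmt.get("Effect") == "Allow" else denied).update(covered)
    return [a for a in REQUIRED_ACTIONS if a not in allowed - denied]


# Constructed sample policy: the situation in the question, logs:CreateLogGroup left out.
INCOMPLETE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["logs:CreateLogStream", "logs:PutLogEvents",
                              "logs:DescribeLogGroups", "logs:DescribeLogStreams"]}],
})

if __name__ == "__main__":
    print(missing_flow_log_permissions(INCOMPLETE_POLICY))  # ['logs:CreateLogGroup']
```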
Question 5: A company's SysOps administrator is troubleshooting communication between the components of an application. The company configured VPC flow logs to be published to Amazon CloudWatch Logs. However, there are no logs in CloudWatch Logs. What could be blocking the VPC flow logs from being published to CloudWatch Logs?
A. The IAM policy that is attached to the IAM role for the flow log is missing the logs:CreateLogGroup permission
B. The IAM policy that is attached to the IAM role for the flow log is missing the logs:CreateExportTask permission
C. The VPC is configured for IPv6 addresses
D. The VPC is peered with another VPC in the AWS account