AWS Certified SysOps Administrator – Associate (legacy) — Question 606
A sysops administrator is managing a VPC network consisting of public and private subnets. Instances in the private subnets access the Internet through a NAT gateway. A recent AWS bill shows that the NAT gateway charges have doubled. The administrator wants to identify which instances are creating the most network traffic.
How should this be accomplished?
Answer options
- A. Enable flow logs on the NAT gateway elastic network interface and use Amazon CloudWatch insights to filter data based on the source IP addresses.
- B. Run an AWS Cost and Usage report and group the findings by instance ID.
- C. Use the VPC traffic mirroring feature to send traffic to Amazon QuickSight.
- D. Use Amazon CloudWatch metrics generated by the NAT gateway for each individual instance.
Correct answer: A
Explanation
Enabling VPC Flow Logs on the NAT gateway's network interface captures detailed IP traffic, which can be queried in Amazon CloudWatch Logs Insights to find the specific source IP addresses driving the high traffic volume. AWS Cost and Usage Reports do not provide the granular packet-level or IP-level data needed to link NAT gateway charges to specific instances. Additionally, NAT gateways do not publish CloudWatch metrics at the individual instance level, and VPC Traffic Mirroring cannot target Amazon QuickSight directly.
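The aggregation the explanation describes, as an added worked example that is not part of the original question or its answer key: a Python script that parses default-format (version 2) VPC Flow Log records captured on the NAT gateway's elastic network interface and sums bytes per private instance address in both directions. The account ID, ENI ID, subnet CIDRs and addresses are constructed placeholders. One caveat a practitioner needs: the NAT ENI records both legs of each flow (instance to NAT, then NAT to the Internet), so records whose source is the NAT gateway's own private address must be excluded or every flow is counted twice.

```python
"""Find the private instances pushing the most traffic through a NAT gateway,
using VPC Flow Log records captured on the NAT gateway's ENI."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Default flow log record format (version 2), space separated.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]

# Constructed sample records (placeholder account, ENI and addresses).
# Assumptions: eni-0nat000000000000 is the NAT gateway ENI, 10.0.1.0/24 and
# 10.0.2.0/24 are the private subnets, 10.0.0.10 is the NAT's private address.
SAMPLE_LOG = """\
2 123456789012 eni-0nat000000000000 10.0.1.25 203.0.113.7 44321 443 6 120 98000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0nat000000000000 10.0.0.10 203.0.113.7 44321 443 6 120 98000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0nat000000000000 10.0.2.40 198.51.100.9 51000 443 6 40 12000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0nat000000000000 203.0.113.7 10.0.1.25 443 44321 6 300 450000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0nat000000000000 10.0.1.25 198.51.100.9 44322 443 6 10 5000 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0nat000000000000 - - - - - - - - 1700000060 1700000120 - NODATA
"""


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts.

    NODATA/SKIPDATA records carry '-' placeholders instead of addresses and
    byte counts, so anything without log-status OK is dropped.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line; ignore it
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        rec["bytes"] = int(rec["bytes"])
        rec["packets"] = int(rec["packets"])
        records.append(rec)
    return records


def bytes_per_instance(records, private_cidrs, nat_private_ip):
    """Sum bytes per private instance address, counting both directions.

    Records sourced from the NAT gateway's own address are the NAT-to-Internet
    leg of a flow already counted on the instance-to-NAT leg, so they are skipped.
    """
    nets = [ip_network(c) for c in private_cidrs]
    nat_ip = ip_address(nat_private_ip)

    def is_instance(addr):
        ip = ip_address(addr)
        return ip != nat_ip and any(ip in n for n in nets)

    totals = defaultdict(int)
    for rec in records:
        if is_instance(rec["srcaddr"]):      # outbound: instance -> NAT
            totals[rec["srcaddr"]] += rec["bytes"]
        elif is_instance(rec["dstaddr"]):    # return traffic: NAT -> instance
            totals[rec["dstaddr"]] += rec["bytes"]
    return dict(totals)


def top_talkers(totals, n=5):
    """Return the n (address, bytes) pairs with the highest byte counts."""
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    totals = bytes_per_instance(recs, ["10.0.1.0/24", "10.0.2.0/24"], "10.0.0.10")
    for ip, total in top_talkers(totals):
        print(f"{ip:>15}  {total:>10} bytes")
```

When the flow logs are delivered to CloudWatch Logs, the same aggregation is a one-line Logs Insights query over the auto-discovered fields, `stats sum(bytes) as totalBytes by srcAddr | sort totalBytes desc | limit 10`, with the NAT gateway's own address filtered out for the same double-counting reason. Map the resulting private IPs back to instance IDs through the ENI descriptions in the VPC console or `describe-network-interfaces`.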