AWS VPN Connection Monitoring | Exam Answer


Question

Your company has a VPN connection between the on-premise data center and AWS.

You need to monitor the VPN connection so that you are notified whenever the connection is down.

Which of the following steps would you take? Choose two answers from the options given below.

Each answer forms part of the solution.

Answers

Explanations

A. B. C. D.

Answer - B and C.

For more information on monitoring VPN connections, see the link below:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/monitoring-cloudwatch-vpn.html

To monitor the VPN connection between the on-premise data center and AWS and receive notifications whenever the connection goes down, we need to take the following steps:

  1. Create a CloudWatch Log: The first step is to create a CloudWatch log group to collect the logs related to the VPN connection. The log group must be configured to receive logs from the VPN endpoint.

  2. Ensure that the CloudWatch metric being monitored is TunnelState for the VPN connection: To monitor the state of the VPN connection, we need to create a CloudWatch metric filter that searches for the specific log message that indicates that the VPN tunnel is down. The CloudWatch metric filter should be based on the TunnelState of the VPN connection.

  3. Create a CloudWatch alarm: Once the CloudWatch metric filter is set up, we need to create a CloudWatch alarm. The alarm should be based on the CloudWatch metric filter that monitors the VPN connection state. The alarm should be configured to send a notification whenever the state of the alarm is set to ALARM. The notification can be sent to an email address or an SNS topic.

  4. Monitor the CloudWatch log: We can also monitor the CloudWatch log to investigate the root cause of the VPN connection outage. The log will provide detailed information about the VPN connection status and any error messages.

Therefore, the correct answers are A and B. We need to create a CloudWatch log to collect VPN connection logs and create a CloudWatch alarm based on a CloudWatch metric filter that monitors the VPN connection state to receive notifications when the connection goes down.
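
The alarm and notification steps above can be expressed as a CloudFormation template. This is an added example, not part of the original answer: it assumes the TunnelState metric that Site-to-Site VPN publishes in the AWS/VPN CloudWatch namespace, and the parameter and resource names (VpnConnectionId, NotifyEmail, VpnAlertTopic, VpnTunnelDownAlarm) are hypothetical.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Notify by e-mail when a Site-to-Site VPN connection has no tunnel up (added example)

Parameters:
  VpnConnectionId:
    Type: String
    Description: ID of the VPN connection to watch (supply your own, e.g. vpn-EXAMPLE)
  NotifyEmail:
    Type: String
    Description: Address that receives the alarm notification

Resources:
  # SNS topic that fans the alarm out to the operations mailbox
  VpnAlertTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Protocol: email
          Endpoint: !Ref NotifyEmail

  VpnTunnelDownAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: No tunnel of the VPN connection reported UP
      Namespace: AWS/VPN
      MetricName: TunnelState        # 1 = up, 0 = down
      Dimensions:
        - Name: VpnId
          Value: !Ref VpnConnectionId
      # Assumption: at the VpnId dimension the datapoints of both tunnels
      # are aggregated, so Maximum < 1 means neither tunnel was up in the
      # period. Use Minimum instead to alarm when any single tunnel drops.
      Statistic: Maximum
      Period: 300
      EvaluationPeriods: 1
      Threshold: 1
      ComparisonOperator: LessThanThreshold
      # A connection that stops reporting is treated as down, not as healthy
      TreatMissingData: breaching
      AlarmActions:
        - !Ref VpnAlertTopic         # Ref on an SNS topic returns its ARN
      OKActions:
        - !Ref VpnAlertTopic         # also notify on recovery
```

The e-mail subscription only starts delivering after the recipient confirms it from the message SNS sends.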