How to Monitor AWS VPN Connection | Exam Answer

Answer - B and C.

For more information on monitoring VPN connections please see the below link:

To monitor the VPN connection between the on-premise data center and AWS and receive notifications whenever the connection goes down, we need to take the following steps:

1. Create a CloudWatch Log: The first step is to create a CloudWatch log group to collect the logs related to the VPN connection. The log group must be configured to receive logs from the VPN endpoint.

2. Ensure that CloudWatch metric being monitored is TunnelState for the VPN connection: To monitor the state of the VPN connection, we need to create a CloudWatch metric filter that searches for the specific log message that indicates that the VPN tunnel is down. The CloudWatch metric filter should be based on the TunnelState of the VPN connection.

3. Create a CloudWatch alarm: Once the CloudWatch metric filter is set up, we need to create a CloudWatch alarm. The alarm should be based on the CloudWatch metric filter that monitors the VPN connection state. The alarm should be configured to send a notification whenever the state of the alarm is set to ALARM. The notification can be sent to an email address or an SNS topic.

4. Monitor the CloudWatch log: We can also monitor the CloudWatch log to investigate the root cause of the VPN connection outage. The log will provide detailed information about the VPN connection status and any error messages.

Therefore, the correct answers are A and B. We need to create a CloudWatch log to collect VPN connection logs and create a CloudWatch alarm based on a CloudWatch metric filter that monitors the VPN connection state to receive notifications when the connection goes down.