
Professional Cloud DevOps Engineer Exam - Question 101


You are managing an application that runs in Compute Engine. The application uses a custom HTTP server to expose an API that is accessed by other applications through an internal TCP/UDP load balancer. A firewall rule allows access to the API port from 0.0.0.0/0. You need to configure Cloud Logging to log each IP address that accesses the API by using the fewest number of steps. What should you do first?

Correct Answer: C

To log each IP address that accesses the API in a Compute Engine environment with the fewest number of steps, you should enable logging on the firewall rule. This will directly capture the IP addresses that interact with the API without requiring the installation of additional software on instances or configuring multiple components. Other methods may sample traffic or require more complex configurations.
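Once logging is enabled on the rule, each allowed connection appears in Cloud Logging under the `compute.googleapis.com/firewall` log. The following is an added example, not part of the original page: it reads an export of such records and counts connections per source IP, and it goes one step further than the question by listing clients outside the ranges the API is meant to serve, which helps when narrowing the 0.0.0.0/0 rule. The project, rule names (`allow-api`, `allow-ssh`), port 8443 and all addresses are constructed assumptions.

```python
import ipaddress
import json
from collections import Counter

LOGS = "projects/example-project/logs/compute.googleapis.com%2F"  # constructed project

def _fw(src, port, rule="allow-api", disposition="ALLOWED"):
    """Build one constructed firewall log record with the fields read below."""
    return json.dumps({"logName": LOGS + "firewall", "jsonPayload": {
        "disposition": disposition,
        "connection": {"src_ip": src, "dest_ip": "10.128.0.20",
                       "dest_port": port, "protocol": 6},
        "rule_details": {"reference": "network:default/firewall:" + rule}}})

# Constructed export, one JSON record per line; every address and name is made up.
SAMPLE = "\n".join([
    _fw("10.128.0.7", 8443),
    _fw("10.128.0.7", 8443),
    _fw("10.132.0.9", 8443),
    _fw("10.128.0.7", 22, rule="allow-ssh"),            # other rule and port
    json.dumps({"logName": LOGS + "vpc_flows",           # flow record, ignored
                "jsonPayload": {"connection": {"src_ip": "10.128.0.99",
                                               "dest_port": 8443}}}),
    '{"logName": "projects/example-project/logs/comp',   # truncated line
])

def api_clients(export, rule_name, api_port):
    """Count connections per source IP that rule_name allowed to api_port."""
    counts = Counter()
    for line in export.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines
        if not entry.get("logName", "").endswith("%2Ffirewall"):
            continue  # only firewall rule log records
        payload = entry.get("jsonPayload", {})
        conn = payload.get("connection", {})
        ref = payload.get("rule_details", {}).get("reference", "")
        if (payload.get("disposition") == "ALLOWED"
                and ref.endswith("/firewall:" + rule_name)
                and conn.get("dest_port") == api_port and "src_ip" in conn):
            counts[conn["src_ip"]] += 1
    return counts

def outside_expected(counts, expected_cidrs):
    """Return client IPs not covered by any range the API is meant to serve."""
    nets = [ipaddress.ip_network(c) for c in expected_cidrs]
    return sorted(ip for ip in counts
                  if not any(ipaddress.ip_address(ip) in n for n in nets))
```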

Discussion

PrayasMohanty (Option: D)
Oct 11, 2023

Option D uses the fewest number of steps.

xhilmi (Option: D)
Dec 6, 2023

Choose option D. To configure Cloud Logging to log each IP address accessing the API with the fewest steps in a Compute Engine environment using an internal TCP/UDP load balancer, the first step would be to enable VPC Flow Logs on the subnet. That will allow you to capture network flow information, including source and destination IP addresses, as traffic passes through the load balancer. VPC Flow Logs provide detailed visibility into network activity without requiring modifications to individual instances or the installation of additional agents. Enabling VPC Flow Logs is a straightforward and efficient way to capture the necessary information for logging IP addresses accessing the API in a Compute Engine environment.

ManishKS (Option: D)
Oct 1, 2023

D. Enable VPC Flow Logs on the subnet. This will capture the network traffic details you need for logging in Cloud Logging without requiring additional configurations on the instances or firewall rules.

winston9 (Option: C)
Jun 6, 2024

C is correct. VPC Flow Logs can show source IP addresses, but they sample packets and do not provide the level of detail about individual API calls compared to firewall rule logging.

N_A (Option: C)
Mar 28, 2024

Be careful. The question states "each IP address that accesses the API". VPC Flow Logs is sampling records: "VPC Flow Logs records a sample of network flows sent from and received by VM instances, including instances used as GKE nodes. These logs can be used for network monitoring, forensics, real-time security analysis, and expense optimization." Source: https://cloud.google.com/vpc/docs/using-flow-logs. C is the correct answer.

PhilipKoku (Option: C)
Jul 15, 2024

C) Enabling Logging of firewall rules