Study SOA-C03 Network Logs and Connectivity Troubleshooting: key concepts, common traps, and exam decision cues.
This lesson is about finding the broken network hop instead of guessing. SOA-C03 expects you to use the right log source and the right network component model when troubleshooting VPC paths, hybrid connectivity, and CloudFront cache behavior.
Flow log: Record of accepted or rejected traffic at a network interface or subnet boundary.
Cache miss: Request that CloudFront cannot serve from cache and must fetch from the origin.
Origin failure: Problem at the backend service or origin path that prevents CloudFront or another frontend from retrieving the expected response.
AWS wants you to separate:
| If the symptom is mainly about… | Strongest first evidence lane | Why |
|---|---|---|
| accepted or rejected traffic at the network boundary | VPC flow logs | They show whether traffic was allowed or rejected on the observed path |
| whether the path should exist at all | route tables, gateways, and endpoint design | If the route is wrong, packet filtering is not the first problem |
| CloudFront serving the wrong thing or bypassing expectations | CloudFront cache behavior and origin settings | Edge behavior and origin behavior are different failure lanes |
| hybrid or private path uncertainty | the actual connectivity model first | VPN, Direct Connect, NAT, endpoints, and internet paths are not interchangeable |
If you skip that order, you often debug a security group when the traffic was never on the right route in the first place.
| Symptom | Check first | Why |
|---|---|---|
| traffic is rejected before reaching the target | flow logs plus security-group or ACL logic | The evidence should show whether the packet was allowed |
| private subnet cannot reach the intended service | route path, NAT, endpoint, or gateway design | The first failure may be path design rather than filtering |
| CloudFront returns stale or unexpected content | cache behavior, TTL, invalidation, and origin settings | Edge caching can fail even when the origin itself is healthy |
| CloudFront reports misses and errors together | separate cache misses from origin retrieval failures | A miss is not automatically an origin outage |
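The flow-log lane in the two tables above comes down to one question: did the interface see the packet, and if so, was it ACCEPTed or REJECTed? The script below is an added example (not part of the original lesson) that triages constructed VPC Flow Log records in the default version 2 format and maps the answer to the lesson's lanes: REJECT points at security-group or ACL filtering, ACCEPT means the boundary passed, and no records at all means the traffic never reached the interface, so route design comes first. The ENI id, account id and addresses are constructed sample values.

```python
# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# What each triage result means for the next step (the lesson's lanes).
LANE_HINT = {
    "rejected": "filtering lane: check security group and network ACL rules",
    "accepted": "boundary passed: look downstream at the target service",
    "no-records": "path lane: traffic never reached this interface; "
                  "check routes, NAT, gateways and endpoints",
}

# Constructed sample records (not real traffic): one ENI, HTTPS accepted,
# PostgreSQL rejected, plus a NODATA window that carries no evidence.
SAMPLE_LOG = """\
2 111122223333 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.2.40 49152 443 6 8 1200 1700000000 1700000059 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.2.40 49153 5432 6 3 180 1700000000 1700000059 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.2.40 49154 5432 6 3 180 1700000060 1700000119 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000120 1700000179 - NODATA
"""

def parse_flow_log(text):
    """Turn space-separated default-format records into dicts keyed by field name."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected field count in record: {line!r}")
        records.append(dict(zip(FIELDS, parts)))
    return records

def triage(records, dstaddr, dstport):
    """Count ACCEPT/REJECT records toward dstaddr:dstport and pick a lane."""
    counts = {"accept": 0, "reject": 0}
    for rec in records:
        # NODATA/SKIPDATA windows carry no action: absence of evidence, not evidence.
        if rec["log_status"] != "OK":
            continue
        if rec["dstaddr"] == dstaddr and rec["dstport"] == str(dstport):
            counts[rec["action"].lower()] += 1
    if counts["reject"]:
        lane = "rejected"          # a filter on the observed path dropped it
    elif counts["accept"]:
        lane = "accepted"
    else:
        lane = "no-records"        # nothing observed: suspect the route design
    return {"lane": lane, "hint": LANE_HINT[lane], **counts}
```

Run `triage(parse_flow_log(SAMPLE_LOG), "10.0.2.40", 5432)` to see the rejected lane; port 3306, which never appears in the sample, lands in the route-design lane.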
| Cue | Cache problem | Origin problem |
|---|---|---|
| Main symptom | stale content, wrong object selection, unexpected edge behavior | fetches fail or return bad responses from the backend |
| Strongest first checks | cache behavior, TTL, invalidation, path pattern | origin health, origin path, backend response, access from CloudFront |
| Common trap | assuming every cache miss is an outage | assuming the edge is broken when the backend never served the object correctly |
A CloudFront distribution starts serving unexpected content after a deployment. The origin is healthy, but users keep receiving an old object or a path that does not match the new behavior. What is the strongest first reading?
Correct answer: B. If the origin is healthy and the symptom is stale or mismatched edge content, the strongest first lane is CloudFront cache behavior rather than VPC routing or identity work.