aws / amazon-vpc-resource-controller-k8s

Controller for managing Trunk & Branch Network Interfaces on EKS Cluster using Security Group For Pod feature and IPv4 Addresses for Windows Node.
Apache License 2.0

Allow debugging of trunk and branch interfaces using port mirroring and VPC flow logs #347

Open youwalther65 opened 7 months ago

youwalther65 commented 7 months ago

What would you like to be enhanced:

  1. The AWS docs “What is Traffic Mirroring?” state that only ENIs of type “interface” are supported.
  2. When Security Groups for Pods are enabled, trunk interfaces on supported instance types will be created and a corresponding CloudWatch Log stream for the trunk ENI will be created. But there is no log stream for branch interfaces.

Why is the change needed and what use case will it solve:

  1. Customer would like to debug trunk and branch interfaces using port mirroring
  2. Customer would like to debug branch ENI by having a dedicated CW log stream for it.

haouc commented 7 months ago

Can you elaborate on what the exact use case looks like regarding Traffic Mirroring? Since the AWS EC2 console provides branch ENI info, the mirroring should be feasible to set up. They can easily find the branch interface id from the pods' annotation and the pods' event history. I am also not sure what log stream for branch interfaces refers to in this case. Thanks.