Which AWS resources can have Flow Logs enabled?

Vpc ,subnet ,ENI

What IAM permissions are required to create and view Flow Logs?

User , group or specific permission to vpc

Where can Flow Log data be stored? (e.g., CloudWatch Logs, S3)

Above both is stored flow log data but some different cloud watch is real time monitoring and S3 is a long term analytics storage using Athena with archival purposes

How can you use Flow Logs for auditing and compliance purposes?

Flow logs is a power tool auditing and compliance in cloud environment .They Provide visibility into network traffic going to and from resources in cloud environment

You want to monitor traffic between two subnets across different VPCs connected via a Transit Gateway. How can Flow Logs be configured?