VPC Flow Logs Essentials and Creation:

  • VPC flow logs allow you to collect information about the IP traffic going to and from network interfaces in your VPC.
  • VPC flow log data is published to a log group in CloudWatch Logs (Amazon S3 is also a supported destination).
  • Flow logs can be created on a specific VPC, subnet or network interface.

  • Flow logs created on a VPC or subnet will include all network interfaces in that VPC or subnet.

  • Each network interface will have its own unique log stream within the log group.

  • You can set the log to capture data on accepted traffic, rejected traffic, or all traffic.

  • Flow logs are NOT captured in "real-time". Records are aggregated over a capture window of approximately 10 minutes (the maximum aggregation interval can be lowered to 1 minute), then the data is published.

  • Each VPC flow log record describes the network traffic for a specific 5-tuple within one capture window: the packet and byte counts, the window start and end times, and whether the traffic was ACCEPTed or REJECTed by the security group / network ACL.

  • A 5-tuple is a set of five values that together identify a TCP/IP connection (a flow). It includes:

    • Source IP address

    • Source port number

    • Destination IP address

    • Destination port number

    • Protocol

Benefits of VPC Flow Logs:

  • Troubleshoot why certain traffic is not reaching an EC2 instance (a REJECT record for the 5-tuple shows that a security group or network ACL dropped it).

  • An added security layer: you can monitor the traffic that reaches your EC2 instances and spot port scans or unexpected connections.

Limitations of VPC Flow Logs:

  • Traffic NOT captured by VPC flow logs:
    • Traffic generated by requests for instance metadata (requests to 169.254.169.254).
    • DHCP traffic.
    • Traffic to the Amazon DNS server (traffic to your own DNS server is logged).
  • Flow logs record connection metadata only (addresses, ports, protocol, counts, action), never packet payloads.
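Worked example for the record description above and for the troubleshooting use listed under Benefits: a small parser for the default (version 2) flow log record format, run over a handful of constructed records. This is an added example, not code from the original page or from AWS. The sample lines, the account ID and the ENI IDs are made up; the field order is the documented default format (version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status). Note that NODATA and SKIPDATA windows carry "-" in the traffic fields and must be handled, and that metadata-service and DHCP traffic never appear in the input at all.

```python
"""Parse AWS VPC Flow Log records (default, version 2 format) and summarise
them per network interface and per 5-tuple.

Added example, not code from the original page. The sample records below are
constructed for illustration; account and ENI identifiers are fictitious.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample log: one ENI with an SSH session and two rejected RDP
# probes, and a second ENI with a NODATA window, a SKIPDATA window, then traffic.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60001 203.0.113.12 10.0.1.25 49152 22 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 203.0.113.12 22 49152 6 18 3200 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.25 40000 3389 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.25 40001 3389 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60002 - - - - - - - 1418530010 1418530070 - NODATA
2 123456789012 eni-0a1b2c3d4e5f60002 - - - - - - - 1418530070 1418530130 - SKIPDATA
2 123456789012 eni-0a1b2c3d4e5f60002 10.0.2.10 10.0.1.25 51000 443 6 5 800 1418530130 1418530190 ACCEPT OK
"""

# Default record layout (version 2). Protocol is the IANA number (6 = TCP, 17 = UDP).
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")


@dataclass(frozen=True)
class FiveTuple:
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int


@dataclass
class FlowRecord:
    interface_id: str
    flow: Optional[FiveTuple]   # None for NODATA / SKIPDATA windows
    packets: int
    byte_count: int
    start: int
    end: int
    action: str                 # ACCEPT, REJECT, or "-" when there is no flow
    log_status: str             # OK, NODATA, SKIPDATA


def parse_record(line: str) -> FlowRecord:
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["version"] != "2":
        raise ValueError("this parser handles the default (version 2) format only")
    if rec["log_status"] != "OK":
        # NODATA: nothing crossed the ENI in the window. SKIPDATA: records were
        # lost. Either way the 5-tuple fields are "-" and carry no flow.
        return FlowRecord(rec["interface_id"], None, 0, 0,
                          int(rec["start"]), int(rec["end"]), rec["action"], rec["log_status"])
    flow = FiveTuple(rec["srcaddr"], rec["dstaddr"], int(rec["srcport"]),
                     int(rec["dstport"]), int(rec["protocol"]))
    return FlowRecord(rec["interface_id"], flow, int(rec["packets"]), int(rec["bytes"]),
                      int(rec["start"]), int(rec["end"]), rec["action"], rec["log_status"])


def parse_log(text: str) -> List[FlowRecord]:
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def rejected_flows(records: List[FlowRecord]) -> Dict[str, List[FiveTuple]]:
    """Troubleshooting view: 5-tuples dropped by a security group or NACL, per ENI.
    A REJECT here is the usual answer to 'why is traffic not reaching the instance'."""
    out: Dict[str, List[FiveTuple]] = defaultdict(list)
    for r in records:
        if r.action == "REJECT" and r.flow is not None:
            out[r.interface_id].append(r.flow)
    return dict(out)


def rejected_by_dst_port(records: List[FlowRecord]) -> Dict[Tuple[str, int], int]:
    """Count REJECTs per (interface, destination port): repeated rejects on one
    port from changing source ports is a quick scan/probe indicator."""
    counts: Dict[Tuple[str, int], int] = defaultdict(int)
    for r in records:
        if r.action == "REJECT" and r.flow is not None:
            counts[(r.interface_id, r.flow.dstport)] += 1
    return dict(counts)


def bytes_by_interface(records: List[FlowRecord]) -> Dict[str, int]:
    totals: Dict[str, int] = defaultdict(int)
    for r in records:
        totals[r.interface_id] += r.byte_count
    return dict(totals)


def gap_windows(records: List[FlowRecord]) -> List[Tuple[str, int, int, str]]:
    """Windows with no data or with dropped data. The absence of a REJECT in
    these windows proves nothing, so report them alongside any findings."""
    return [(r.interface_id, r.start, r.end, r.log_status)
            for r in records if r.log_status != "OK"]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("bytes per ENI:", bytes_by_interface(recs))
    print("rejects per dst port:", rejected_by_dst_port(recs))
    print("rejected flows:", rejected_flows(recs))
    print("gap windows:", gap_windows(recs))
```

The same functions apply unchanged to records exported from a CloudWatch Logs stream, since each stream holds one ENI's records in this line format; a custom flow log format (or a different version) needs its own field list.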
