AWS VPC Flow Logs

AWS VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. This can include information such as the source and destination IP addresses, the port numbers, and the protocol. With VPC Flow Logs, you can troubleshoot network issues, monitor the traffic to and from your instances, and improve security by identifying unusual or suspicious activity. To create a VPC Flow Log, you can use the AWS Management Console, the AWS Command Line Interface (CLI), or the AWS SDKs. Once created, the flow logs can be stored in Amazon CloudWatch Logs and analyzed using CloudWatch Logs Insights.

Limitations of VPC Flow Logs

VPC Flow Logs have some limitations to be aware of:

  1. VPC Flow Logs are stored in CloudWatch Logs, and data stored in CloudWatch Logs incurs additional charges.
  2. VPC Flow Logs only capture data for the past hour, and the data is not guaranteed to be real-time.
  3. VPC Flow Logs do not capture all the network traffic, only the traffic that is directed to the Elastic Network Interface (ENI) of the monitored resource.
  4. VPC Flow Logs do not capture the actual payload of the network traffic, only the metadata such as source and destination IP addresses, ports, and protocol.
  5. VPC Flow Logs cannot be enabled for VPCs that are peered with your VPC unless the peer VPC is also owned by your AWS account.
  6. VPC Flow Logs do not work with VPCs that are connected to your on-premises data center via AWS Direct Connect.

AWS VPC Flow Log Levels

A VPC Flow Log can be created at three levels:

  1. Traffic going to and from the VPC: This level captures all traffic going to and from the VPC, including traffic to and from the Internet, traffic between subnets within the VPC, and traffic to and from other VPCs using VPC peering.
  2. Traffic going to and from a specific subnet: This level captures traffic going to and from a specific subnet within the VPC, including traffic to and from the Internet, traffic between subnets within the VPC, and traffic to and from other VPCs using VPC peering.
  3. Traffic going to and from a specific Elastic Network Interface (ENI): This level captures all traffic going to and from a specific ENI, including traffic to and from the Internet, traffic between subnets within the VPC, and traffic to and from other VPCs using VPC peering.

How to create an AWS VPC Flow Log?

To create a VPC Flow Log in AWS, you can follow these steps:

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose “Flow Logs”.
  3. Choose “Create flow log”.
  4. For “Log group”, choose “Create a new log group” and give a name for it.
  5. For “Delivery stream”, choose “Create a new delivery stream” and give a name for it.
  6. For “Resource type”, choose the resource type (VPC, Subnet, or Network Interface) that you want to create the flow log for.
  7. For “Resource”, choose the specific resource you want to create the flow log for.
  8. For “Traffic type”, choose the traffic type (All, Accepted, or Rejected) that you want to log.
  9. Choose “Create flow log”.

Once the flow log is created, it starts collecting data and sending it to the specified log group and delivery stream. You can view and analyze the data using CloudWatch Logs Insights or export it to other services for further analysis.
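As an added example that is not part of the original article, the following Python script parses records in the default VPC Flow Log record format (the field order is the default format; the account ID, ENI ID, addresses and timestamps are constructed sample values) and picks out remote sources whose traffic was rejected on several destination ports, while skipping NODATA/SKIPDATA records whose traffic fields are only placeholders:

```python
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets",
              "bytes", "start", "end"}

# Constructed sample records (not captured from a real VPC). The last line
# is a NODATA record: no traffic was seen in the window, so its traffic
# fields are "-" placeholders rather than addresses and ports.
SAMPLE_RECORDS = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.20 41320 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.20 41321 3389 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.20 10.0.2.15 52000 443 6 30 6100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.9 10.0.1.20 50022 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line):
    """Parse one default-format record into a dict ("-" becomes None).
    Returns None if the line does not carry exactly the 14 default fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":
            rec[name] = None
        else:
            rec[name] = int(value) if name in INT_FIELDS else value
    return rec


def rejected_sources(text, min_ports=2):
    """Map each source address to the destination ports on which its
    traffic was rejected, keeping sources that hit >= min_ports ports."""
    ports = defaultdict(set)
    for line in text.splitlines():
        rec = parse_record(line)
        # Skip malformed lines and NODATA/SKIPDATA records, which carry
        # no usable addresses or action.
        if rec is None or rec["log_status"] != "OK":
            continue
        if rec["action"] == "REJECT":
            ports[rec["srcaddr"]].add(rec["dstport"])
    return {src: p for src, p in ports.items() if len(p) >= min_ports}
```

Calling `rejected_sources(SAMPLE_RECORDS)` on the sample records returns only 203.0.113.5 (rejected on ports 22 and 3389); 198.51.100.9, rejected on a single port, is dropped by the `min_ports` threshold.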
