Orhan Kamo
Posted on November 4, 2024
With Amazon Virtual Private Cloud (Amazon VPC), you can launch AWS resources in a logically isolated virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
Flow logs capture information about the IP traffic going to and from your network interfaces:
• VPC Flow Logs
• Subnet Flow Logs
• Elastic Network Interface (ENI) Flow Logs
• Help to monitor and troubleshoot connectivity issues
• Flow log data can be sent to S3, CloudWatch Logs, and Kinesis Data Firehose
• Also capture network information from AWS-managed interfaces: ELB, RDS, ElastiCache, Redshift, WorkSpaces, NAT Gateway, Transit Gateway…
VPC Flow Logs – Traffic not captured
• Traffic to Amazon DNS server (custom DNS server traffic is logged)
• Traffic for Amazon Windows license activation
• Traffic to and from 169.254.169.254 for EC2 instance metadata
• Traffic to and from 169.254.169.123 for Amazon Time Sync service
• DHCP traffic
• Mirrored traffic
• Traffic to the VPC router reserved IP address (e.g., 10.0.0.1)
• Traffic between VPC Endpoint ENI and Network Load Balancer ENI
We created a VPC, enabled VPC Flow Logs, and sent the logs to S3 and CloudWatch. We can then query the logs with Athena (for example, the top 10 IP addresses).
We chose an aggregation interval of 10 minutes, because a 1-minute interval produces too many logs and can get expensive. Sending logs to CloudWatch requires an IAM role.
Right now we send the logs to S3.
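As an added example (not from the original post), here is an Athena table over the default flow log format delivered to S3, followed by the top-10 query; the bucket name, account ID, region and date are placeholders, and the query extends the "top 10 IP addresses" idea to count rejected flows per source.

```sql
-- Added example: Athena table over the default (version 2) VPC Flow Log
-- format in S3. Bucket, account ID and region below are placeholders.
CREATE EXTERNAL TABLE IF NOT EXISTS vpc_flow_logs (
  version      int,
  account_id   string,
  interface_id string,
  srcaddr      string,
  dstaddr      string,
  srcport      int,
  dstport      int,
  protocol     bigint,
  packets      bigint,
  bytes        bigint,
  start        bigint,
  `end`        bigint,
  action       string,   -- ACCEPT or REJECT
  log_status   string    -- OK, NODATA or SKIPDATA
)
PARTITIONED BY (`date` date)
ROW FORMAT DELIMITED
FIELDS TERMINATED BY ' '
LOCATION 's3://EXAMPLE-BUCKET/AWSLogs/111122223333/vpcflowlogs/eu-central-1/'
TBLPROPERTIES ('skip.header.line.count' = '1');

-- Register one day of logs; flow log objects are laid out as year/month/day.
ALTER TABLE vpc_flow_logs
ADD PARTITION (`date` = '2024-11-04')
LOCATION 's3://EXAMPLE-BUCKET/AWSLogs/111122223333/vpcflowlogs/eu-central-1/2024/11/04/';

-- Top 10 source addresses by rejected flows on that day: a quick view of
-- which sources are being blocked by security groups or network ACLs.
-- Restricting to the partition keeps the scanned (billed) data small.
SELECT srcaddr,
       COUNT(*)   AS rejected_flows,
       SUM(bytes) AS total_bytes
FROM vpc_flow_logs
WHERE `date` = DATE '2024-11-04'
  AND action = 'REJECT'
  AND log_status = 'OK'
GROUP BY srcaddr
ORDER BY rejected_flows DESC
LIMIT 10;
```

Drop the `action = 'REJECT'` filter to get the plain top-10 talkers by flow count instead.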