Amazon VPC - Flow Logs
VPC Flow Logs is a feature that captures metadata about the IP traffic going to and from the network interfaces in your VPC. It records both inbound and outbound flows, which helps you understand how traffic moves through your network, troubleshoot overly restrictive or permissive rules, and spot suspicious activity such as repeated connection attempts being rejected. Note that flow logs record metadata only, not packet contents, and that records are aggregated over an interval (1 minute or the default 10 minutes), so they are not a substitute for a real-time packet capture.
By default, each VPC Flow Log record contains the following −
- The account ID and the ID of the network interface (ENI) the traffic passed through
- Source and destination IP addresses
- Source and destination ports
- The IANA protocol number (for example, 6 for TCP, 17 for UDP, 1 for ICMP)
- Packet and byte counts, and the start and end time of the aggregation window
- Action (ACCEPT or REJECT), which reflects whether the traffic was permitted by the security group and network ACL (NACL) rules
- Log status (OK, NODATA when no traffic was seen, or SKIPDATA when records were dropped)
Traffic direction (ingress or egress) is not part of the default format; it is available as the flow-direction field when you choose a custom log format.
Enabling VPC Flow Logs to Monitor Network Traffic
Follow the steps given below to enable VPC Flow Logs for monitoring network traffic in your VPC −
Step 1: Access the VPC Management Console
First, sign in to the AWS Management Console. Then type VPC in the search bar and select VPC from the results to open the VPC Dashboard.
Step 2: Create a VPC Flow Log
From the left-hand navigation pane, choose Your VPCs and select the VPC for which you want to enable Flow Logs.
Click the Actions button and, from the dropdown menu, select Create flow log. A flow log created at the VPC level covers every network interface in that VPC; you can also create one for a single subnet or network interface if you need a narrower scope.
Step 3: Configure Flow Log Settings
On the Create flow log page, configure the settings that control what the flow log captures and where it is delivered −
- Filter − Choose the type of traffic to log.
- All − Capture both accepted and rejected traffic.
- Reject − Capture only rejected traffic. This is the cheapest option for security monitoring, since rejected flows are the ones that reveal probing and misconfigured clients.
- Accept − Capture only accepted traffic.
- Maximum aggregation interval − Choose 1 minute or 10 minutes (the default). A shorter interval gives faster visibility at the cost of more records.
- Destination − Choose where the flow log data is sent.
- Amazon CloudWatch Logs − Useful for near-real-time searching and alerting (metric filters, Logs Insights queries).
- Amazon S3 − Suitable for long-term retention and large-scale analysis, for example with Amazon Athena.
- IAM Role − Required only for the CloudWatch Logs destination: select or create an IAM role that the flow logs service can assume to publish to the log group. For the S3 destination, access is granted through the bucket policy instead, which must allow the delivery.logs.amazonaws.com service principal to write to the bucket.
- Log Format (Optional) − Keep the default format, or select a custom format to add fields such as instance-id, vpc-id, subnet-id, flow-direction, pkt-srcaddr and pkt-dstaddr. The format cannot be changed after the flow log is created; to change it, create a new flow log.
- Tag (Optional) − Add tags to the flow log for easy identification.
Once you have configured everything, click Create Flow Log.
Step 4: View VPC Flow Logs
For CloudWatch, follow the steps given below −
- If you sent the logs to CloudWatch Logs, go to the CloudWatch Dashboard.
- Select Logs, and choose the log group you specified when creating the flow log. Each network interface gets its own log stream inside that group.
- Here you can view, filter, and analyze the log data, or run Logs Insights queries across the whole group. Expect a delay of several minutes before the first records appear.
For Amazon S3, follow the steps given below −
- If you chose Amazon S3 as the destination, navigate to the S3 bucket you specified.
- Inside that bucket, the service writes gzip-compressed log files under the AWSLogs/<account-id>/vpcflowlogs/<region>/ prefix, partitioned by date. You can download them and analyze them offline, or query them in place with Athena.
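The field list above and the "view, filter, and analyze" step both come down to parsing the space-separated default record format and asking questions of it. The following is an added example, not code from the original page or from AWS: it parses default-format records, skips NODATA and SKIPDATA intervals (which carry no traffic fields), and flags any source address that was REJECTed on many distinct destination ports, a cheap port-scan heuristic. The sample records, the threshold of 5 ports, and the function names are all constructed for this illustration.

```python
"""Parse default-format VPC Flow Log records and flag port-scan-like REJECT bursts."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Field order of the default (version 2) VPC Flow Log format.
DEFAULT_FIELDS = (
    "version account-id interface-id srcaddr dstaddr srcport dstport "
    "protocol packets bytes start end action log-status"
).split()

# IANA protocol numbers that show up most often in flow logs.
PROTOCOL_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    start: int
    end: int
    action: str


def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one record. Returns None for malformed lines and for NODATA/SKIPDATA
    records, whose traffic fields are all '-' and carry nothing to analyze."""
    parts = line.split()
    if len(parts) != len(DEFAULT_FIELDS):
        return None
    rec = dict(zip(DEFAULT_FIELDS, parts))
    if rec["log-status"] != "OK":
        # NODATA: no traffic in the interval. SKIPDATA: records were dropped,
        # so the interval is incomplete; a gap worth alerting on separately.
        return None
    return FlowRecord(
        interface_id=rec["interface-id"],
        srcaddr=rec["srcaddr"],
        dstaddr=rec["dstaddr"],
        srcport=int(rec["srcport"]),
        dstport=int(rec["dstport"]),
        protocol=int(rec["protocol"]),
        packets=int(rec["packets"]),
        bytes=int(rec["bytes"]),
        start=int(rec["start"]),
        end=int(rec["end"]),
        action=rec["action"],
    )


def parse_records(text: str) -> list:
    """Parse every usable record in a block of log text."""
    return [r for r in (parse_record(line) for line in text.splitlines()) if r]


def rejected_targets_by_source(records) -> dict:
    """Map srcaddr -> set of (dstaddr, dstport) pairs on which it was REJECTed."""
    targets = defaultdict(set)
    for r in records:
        if r.action == "REJECT":
            targets[r.srcaddr].add((r.dstaddr, r.dstport))
    return targets


def find_port_scanners(records, min_distinct_ports: int = 5) -> list:
    """Sources rejected on at least min_distinct_ports distinct destination ports.
    The threshold is an assumption; tune it to the window and the noise level."""
    return sorted(
        src for src, tgts in rejected_targets_by_source(records).items()
        if len({port for _, port in tgts}) >= min_distinct_ports
    )


# Constructed sample records (not real traffic): one accepted HTTPS flow, a
# source probing five ports, a single rejected SSH attempt from elsewhere, and
# one NODATA and one SKIPDATA interval.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.1.10 51532 443 6 12 3804 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40001 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40002 23 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40003 445 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40004 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 40005 8080 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.9 10.0.1.10 55123 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000060 1700000120 - NODATA
2 123456789012 eni-0f9e8d7c6b5a43210 - - - - - - - 1700000060 1700000120 - SKIPDATA
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for src in find_port_scanners(recs):
        ports = sorted(p for _, p in rejected_targets_by_source(recs)[src])
        print(f"{src} rejected on {len(ports)} ports: {ports}")
```

Run against a file downloaded from the S3 destination by gunzipping it and passing its contents to parse_records; records exported from CloudWatch Logs use the same format. The heuristic only sees what the filter captured, so a flow log created with the Accept filter will never surface these rejects.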