- Used to capture IP traffic going to & from your VPC & stored in Amazon Cloudwatch logs
- VPC Flow Logs is a feature that enables the user to capture information about the IP traffic going to and from network interfaces in your VPC
- Flow log data is stored using Cloudwatch Logs
- When Flow log data is collected it can be viewed and its data can be retrieved within Cloudwatch
- Flow logs can be created at 3 different levels, VPC, Subnet and Network Interface levels
- Flow logs via Cloudwatch can be configured to stream to services such as Elasticache, or Lambda
- You cannot enable flow logs for VPC’s that are peered with your VPC unless the peer VPC is in your account
- You cannot tag a flow log
- After you have created a flow log, you cannot change its configuration, for example you cannot associate a different role with the flow log
- Not all traffic is monitored:
- Traffic generated by instances when they contact Route53 is not monitored or logged
- If you use your own DNS server, then all traffic to that DNS server is logged
- Traffic generated by a Windows instance for Windows license activation is not monitored or logged
- Traffic to and from the metadata service (169.254.169.254) is not monitored or logged
- DHCP traffic is not monitored or logged
- Traffic to the reserved IP address for the default VPC router is not monitored or logged
- Can be setup at 3 levels
- VPC
- Subnet
- Network Interface
- After creation, the config of flow logs cannot change.
- Not all IP traffic is monitored.
- DNS Server
- Windows license activation by windows server
- 169.254.169.254
- DHCP
- Reserver IP Addresses
Are you an AWS SysOps Administrator Associate?Take a Quiz