Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount

VPC Flow Logs

  1. Home
  3. AWS Certified Solutions Architect Professional (SAP-C02)
  5. VPC Flow Logs
  • Used to capture IP traffic going to & from VPC & stored in Amazon Cloudwatch logs
  • VPC Flow Logs is a feature that enables the user to capture information about the IP traffic going to and from network interfaces in VPC
  • Flow log data is stored using Cloudwatch Logs
  • When Flow log data is collected it can be viewed and its data can be retrieved within Cloudwatch
  • Flow logs can be created at 3 different levels, VPC, Subnet and Network Interface levels
  • Flow logs via Cloudwatch can be configured to stream to services such as Elasticache, or Lambda
  • You cannot enable flow logs for VPC’s that are peered with VPC unless the peer VPC is in account
  • You cannot tag a flow log
  • After you have created a flow log, you cannot change its configuration, for example you cannot associate a different role with the flow log
  • Not all traffic is monitored:
    • Traffic generated by instances when they contact Route53 is not monitored or logged
    • If you use own DNS server, then all traffic to that DNS server is logged
    • Traffic generated by a Windows instance for Windows license activation is not monitored or logged
    • Traffic to and from the metadata service (169.254.169.254) is not monitored or logged
    • DHCP traffic is not monitored or logged
    • Traffic to the reserved IP address for the default VPC router is not monitored or logged
  • Can be setup at 3 levels
    • VPC
    • Subnet
    • Network Interface
  • After creation, the config of flow logs cannot change.
  • Not all IP traffic is monitored.
    • DNS Server
    • Windows license activation by windows server
    • 169.254.169.254
    • DHCP
    • Reserver IP Addresses
Menu