Amazon VPC Flow Logs is a feature that enables you to capture and log the information about the network traffic going to and from the designated network interfaces within your VPC. It can be used as a centralized, single source of information to monitor different network aspects of your VPC.
Kinds of VPC Flow Logs
It is very much important to understand what is monitored and how the logs compile the data. Amazon Web Service (AWS) Offers flow logging at three separate levels:
- Virtual Private Cloud (VPC): Flow logs can be enabled to a particular VPC and can monitor all the activity within your cloud environment.
- Subnet: VPCs are often divided into subnets spanning multiple availability zones in a region. A subnet is a range of IP addresses in your VPC. It can be a private or a public one. Flow Logs can be created for a specific subnet to monitor all the activity within your subnet.
- Elastic Network Interface (ENI): ENIs are virtual network cards you can attach to your EC2 instances. They are used to enable network connectivity for your instances. One can monitor and capture full flow logs from these interfaces to stay ahead of issues like latency and malicious activities.
Enabling VPC Flow Logs
You can enable VPC Flow Logs from the AWS Management Console or the AWS Command Line Interface (CLI), or by making calls to the EC2 API. By default, VPC is not enabled.
To Create a Flow log, you need to specify:
- Resource for which to create the flow log (By using the above method, this will be automatically filled up)
- Type of traffic to capture (accepted traffic, rejected traffic, or all traffic).
- Destinations to which you want to publish the flow log data.
Publishing Flow Logs
VPC Flow Logs can be sent to either
- CloudWatch Logs: To send Flow log data to the CloudWatch log group, a log group must be created to specify.
- S3 Bucket: To send Flow log data to Amazon S3, you’d need an existing S3 bucket to specify.
VPC Flow Logs Use Cases:
- Network Monitoring: It provides you with real-time visibility into network throughput and performance
- Network Usage and optimizing network expenses: You can analyze the network usage and based on the analysis, you can optimize the network traffic expenses.
- Network Forensics: You can find out any compromised IPs by analyzing all the incoming and outgoing network flows In case of any incidents.
VPC Flow Logs Limitations:
- You can’t enable flow logs for VPCs that are peered with your VPC unless the peer VPC is in your account
- Once a flow log is created, you cannot change its configuration or the flow record format
- Flow Logs also exclude certain types of traffic like DHCP traffic, Mirrored traffic, Traffic generated by a Windows instance for Amazon windows license activation, DNS activity. You can find the complete list here.
Conclusion
With VPC Flow Logs, AWS adds a powerful deep analysis to your cloud environment. Knowing how to turn it on, what critical data to collect, its limitations and its pricing help you to utilize it in an efficient way.