VPC Flow Logs
Topic: Cloud aws core
Summary
Enable VPC Flow Logs to capture accepted and rejected traffic at ENI or subnet level. Send to CloudWatch Logs or S3. Use for security and network troubleshooting.
Intent: How-to
Quick answer
- Create flow log for VPC, subnet, or ENI. Choose accept, reject, or both. Destination: CloudWatch Logs or S3.
- Log format includes src/dst IP, port, protocol, action. Use for debugging security groups and NACLs.
- Set retention in CloudWatch or S3 lifecycle. Use Athena or Logs Insights to query. Cost scales with traffic.
Prerequisites
Steps
- Create flow log: Open VPC Flow Logs and create one for the VPC, subnet, or ENI. Choose the traffic filter (accept, reject, or all) and the destination (CloudWatch Logs or S3).
- Query: Use CloudWatch Logs Insights or Athena. Filter by source/destination address, port, and action to find allowed or denied traffic.
- Retention and cost: Set a retention period on the CloudWatch log group, or an S3 lifecycle rule if the destination is S3. Monitor cost, since it scales with traffic volume.
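The query step above, run offline: an added example (not from the page or AWS) that parses records in the default VPC Flow Log format and counts rejected flows per source and destination port, the same filter you would write in Logs Insights or Athena. The sample records, account id and ENI id are constructed.

```python
"""Parse VPC Flow Log records (default v2 format) and summarise REJECT traffic.

Field order of the default format:
version account-id interface-id srcaddr dstaddr srcport dstport protocol
packets bytes start end action log-status
"""
from collections import Counter
from typing import Dict, List, Tuple

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample records (documentation IP ranges, made-up account and ENI ids).
SAMPLE_LOGS = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 43210 22 6 4 256 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 43211 3389 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 203.0.113.9 51000 443 6 20 4096 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.0.1.5 52000 22 6 1 60 1700000010 1700000070 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000020 1700000080 - NODATA
"""


def parse_record(line: str) -> Dict[str, str]:
    """Split one space-separated record into a dict keyed by field name."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
    return dict(zip(FIELDS, parts))


def parse_logs(text: str) -> List[Dict[str, str]]:
    """Parse all non-empty lines and keep only OK records; NODATA/SKIPDATA carry no addresses."""
    records = [parse_record(line) for line in text.splitlines() if line.strip()]
    return [r for r in records if r["log_status"] == "OK"]


def rejected_by_src_and_port(records: List[Dict[str, str]]) -> Counter:
    """Count REJECT records per (srcaddr, dstport): the view used to debug security groups and NACLs."""
    return Counter((r["srcaddr"], r["dstport"]) for r in records if r["action"] == "REJECT")


def top_rejected_sources(records: List[Dict[str, str]], n: int = 5) -> List[Tuple[str, int]]:
    """Sources with the most denied flows; a quick signal for noisy or misconfigured clients."""
    return Counter(r["srcaddr"] for r in records if r["action"] == "REJECT").most_common(n)


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    for (src, port), count in rejected_by_src_and_port(recs).most_common():
        print(f"REJECT {src} -> port {port}: {count}")
    print("top rejected sources:", top_rejected_sources(recs))
```

If you enabled a custom log format when creating the flow log, adjust `FIELDS` to match the field order you chose.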
Verification
- Flow logs delivered. Queries return data. Retention and cost acceptable.
Troubleshooting
- No logs: check the IAM role used for log delivery and the destination (CloudWatch log group or S3 bucket and its policy).
- High cost: reduce retention or narrow the traffic filter (for example, reject only).