Flow Logs

AWS Flow Logs

  • AWS Flow Logs are a valuable tool for monitoring and troubleshooting network traffic within your Amazon Virtual Private Cloud (VPC).
  • They capture information about the IP traffic going to and from network interfaces, providing insights into the direction, source, destination, and volume of network traffic.
  • When you create a Flow Log, you specify the desired destination (CloudWatch Logs, S3, or Data Firehose) for the flow log data.
  • The data is then delivered to the specified location in real-time or near real-time.

Where to Implement?

AWS Flow Logs can be implemented within your Amazon Virtual Private Cloud (VPC). You can configure them at the following levels:

  • VPC Level: Capture traffic for the entire VPC.
  • Subnet Level: Capture traffic for specific subnets within your VPC.
  • Network Interface Level: Capture traffic for individual network interfaces.

Log Format

AWS Flow Logs generate records in a specific format, which can be either the default format or a custom format.

Example

Here's an example of an AWS Flow Log record, shown as a table of the fields and their values:

| Field | Value |
|---|---|
| version | 2 |
| account-id | 123456789012 |
| interface-id | abcdef123456 |
| srcaddr | 10.0.0.1 |
| dstaddr | 192.168.1.100 |
| srcport | 80 |
| dstport | 80 |
| protocol | TCP |
| packets | 100 |
| bytes | 5000 |
| start | 1651357200 |
| end | 1651357210 |
| action | ACCEPT |
| log-status | SUCCESS |

Explanation of Fields:

  • version: The version of the flow log format.
  • account-id: The AWS account ID associated with the flow log.
  • interface-id: The ID of the network interface that generated the flow log.
  • srcaddr: The source IP address of the network traffic.
  • dstaddr: The destination IP address of the network traffic.
  • srcport: The source port number of the network traffic.
  • dstport: The destination port number of the network traffic.
  • protocol: The protocol used for the network traffic (e.g., TCP, UDP, ICMP).
  • packets: The number of packets in the flow.
  • bytes: The number of bytes in the flow.
  • start: The start time of the flow, in Unix timestamp format.
  • end: The end time of the flow, in Unix timestamp format.
  • action: The action taken on the traffic (e.g., ACCEPT, REJECT).
  • log-status: The status of the log record (e.g., SUCCESS, FAILURE).

By analyzing these fields, you can gain valuable insights into your network traffic patterns, identify potential security threats, and troubleshoot network issues.
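As an added example (not code from the original page), the following Python parses default-format records in the field order listed above and summarizes REJECTed flows per source address, which is the kind of check a practitioner runs first when hunting for probing. It assumes space-separated records; in the actual default format the protocol field is the IANA protocol number (6 for TCP) rather than a name, and records that carry no flow data use "-" placeholders, so the sample lines (constructed, not real data) follow those conventions.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Log record, as listed on this page.
FIELDS = ["version", "account-id", "interface-id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log-status"]
INT_FIELDS = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}
# IANA protocol numbers seen in the default format (1 = ICMP, 6 = TCP, 17 = UDP).
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_record(line):
    """Parse one space-separated default-format record into a dict.
    Returns None for malformed lines and for records whose data fields are '-'."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        for field in INT_FIELDS:
            rec[field] = int(rec[field])
    except ValueError:
        return None  # '-' placeholder (no flow data) or garbage in a numeric field
    rec["protocol"] = PROTOCOL_NAMES.get(rec["protocol"], str(rec["protocol"]))
    return rec


def reject_summary(lines):
    """Count REJECTed flows per source address and collect the distinct destination
    ports each source touched; one source hitting many ports is a scan indicator."""
    summary = defaultdict(lambda: {"rejects": 0, "dst_ports": set()})
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        entry = summary[rec["srcaddr"]]
        entry["rejects"] += 1
        entry["dst_ports"].add(rec["dstport"])
    return {src: {"rejects": e["rejects"], "dst_ports": sorted(e["dst_ports"])}
            for src, e in summary.items()}


# Constructed sample records (not real log data): one accepted web flow,
# three rejected probes from a single address, and one record with no data.
SAMPLE_LINES = [
    "2 123456789012 eni-abcdef123456 10.0.0.1 192.168.1.100 80 80 6 100 5000 1651357200 1651357210 ACCEPT OK",
    "2 123456789012 eni-abcdef123456 198.51.100.7 10.0.0.5 41000 22 6 1 44 1651357200 1651357260 REJECT OK",
    "2 123456789012 eni-abcdef123456 198.51.100.7 10.0.0.5 41001 3389 6 1 44 1651357200 1651357260 REJECT OK",
    "2 123456789012 eni-abcdef123456 198.51.100.7 10.0.0.5 41002 22 6 1 44 1651357200 1651357260 REJECT OK",
    "2 123456789012 eni-abcdef123456 - - - - - - - 1651357200 1651357260 - NODATA",
]
```

Calling `reject_summary(SAMPLE_LINES)` reports the single probing source with its three rejects against ports 22 and 3389, while the accepted flow and the no-data record are left out.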

Pricing

  • Primarily data transfer costs to the destination.
  • Additional costs for storage and analysis (if applicable).

Demo

Step 1: Select a VPC/Subnet/Network Interface

Step 2: Click on create flow log

Step 3: Specify the following details:

  • Name
  • Filters
  • Max Aggregation level (the maximum interval during which a flow of packets is captured)
  • Destination (where we want to store the logs)
  • Log record format

Step 4: Click on create

(We can analyze the entire log in Amazon Athena)