AWS Quick Notes — VPC Monitoring
VPC Flow Logs
VPC Flow Logs can be used to analyze VPC traffic — IP traffic going in and out of the VPC. VPC flow log monitoring does not impact performance of the VPC.
Both ACCEPT and REJECT traffic can be captured.
To create a flow log, you specify:
- The resource for which to create the flow log
- The type of traffic to capture (accepted traffic, rejected traffic, or all traffic)
- The destinations to which you want to publish the flow log data
Services such as Athena or CloudWatch Logs Insights can be used to analyze the data.
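As an added example (not from these notes or from AWS), the following parses flow log records in the default version 2 format and summarises REJECT traffic per source address, the kind of question you would otherwise ask Athena or Logs Insights. The log lines, account id and ENI id are constructed placeholders.

```python
"""Parse VPC Flow Log records (default version 2 format) and summarise
REJECT traffic per source. Added example; the records below are constructed."""
from collections import defaultdict

# Default flow log format, version 2: 14 space-separated fields.
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

# Constructed sample records (account and ENI ids are placeholders).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.10 49152 443 6 12 6400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.2.10 51000 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.2.10 51001 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.2.10 51002 445 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0a1b2c3d 10.0.1.30 10.0.2.10 49200 80 6 3 180 1700000000 1700000060 REJECT OK
"""

def parse_records(text):
    """Yield one dict per well-formed record. NODATA/SKIPDATA lines carry
    no traffic fields and are skipped, as are lines with a wrong field count."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] != "OK":
            continue
        yield rec

def rejects_by_source(text):
    """Return {srcaddr: set of distinct destination ports that were rejected}."""
    out = defaultdict(set)
    for rec in parse_records(text):
        if rec["action"] == "REJECT":
            out[rec["srcaddr"]].add(int(rec["dstport"]))
    return dict(out)

def sources_over_threshold(text, min_ports=3):
    """Sources whose rejected traffic touched at least min_ports distinct
    ports in the window: a cheap indicator that deserves a closer look."""
    return sorted(src for src, ports in rejects_by_source(text).items()
                  if len(ports) >= min_ports)

if __name__ == "__main__":
    for src, ports in rejects_by_source(SAMPLE_LOG).items():
        print(f"{src}: rejected ports {sorted(ports)}")
    print("over threshold:", sources_over_threshold(SAMPLE_LOG))
```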
For deeper analysis of the traffic itself, use Traffic Mirroring (below).
Traffic Mirroring
VPC traffic mirroring allows you to capture the network traffic in your VPC.
The mirrored traffic can include all packets, or only packets of interest. The data can be sent to an ENI or a Network Load Balancer of your choice.
The traffic can then be analyzed and reported on. Typical use cases include threat monitoring, troubleshooting, and audit trails.