VPC Flow Logs is an AWS feature that captures metadata about the packets passing through a network interface.
Remember, it does not capture packet contents; a packet sniffer tool is needed for that purpose. Also, VPC Flow Logs are not delivered in real time from the network interfaces; records arrive in batches after the fact.
Usually, VPC flow logs can be enabled at three levels:
- VPC
- Subnet
- Individual network interface
Refer to the GitHub link, which creates VPC Flow Logs at the VPC level for ALL traffic and delivers them to a CloudWatch log group. We are using a custom format to capture the VPC Flow Logs.
Further details on the deployment and on how to interpret the log fields are explained in the GitHub files.
For a detailed explanation, refer to the AWS documentation.
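Because a custom-format flow log is just whitespace-separated values in the order given by the `--log-format` string (there is no header line), reading it correctly means knowing that field order. The following added example (my own code, not part of the page's GitHub files) parses records for an assumed custom format, treats `-` as "field unavailable", skips `NODATA`/`SKIPDATA` records, and counts rejected flows per destination. The field list, account ID, resource IDs and addresses are constructed for the example.

```python
"""Parse custom-format VPC Flow Log records and summarise rejected traffic.

Added example, not code from the page's repository. LOG_FORMAT below is an
assumed custom format; it must match the --log-format the flow log was
created with, since records carry no header.
"""
from collections import Counter

# Assumed custom log format, written in the same ${field} syntax AWS accepts.
LOG_FORMAT = (
    "${version} ${account-id} ${interface-id} ${vpc-id} ${subnet-id} "
    "${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} "
    "${packets} ${bytes} ${start} ${end} ${action} ${log-status} ${tcp-flags}"
)

# Fields that are numeric when present.
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets",
              "bytes", "start", "end", "tcp-flags"}


def fields_from_format(log_format):
    """Turn '${a} ${b}' into ['a', 'b']."""
    return [tok[2:-1] for tok in log_format.split()]


FIELDS = fields_from_format(LOG_FORMAT)

# Constructed sample records (fake account, ENI, VPC, subnet and addresses).
# Protocol 6 is TCP; tcp-flags 2 is a bare SYN.
SAMPLE_RECORDS = [
    "3 123456789012 eni-0a1b2c3d4e5f6a7b8 vpc-0123456789abcdef0 subnet-0123456789abcdef0 "
    "198.51.100.10 10.0.1.25 54321 22 6 5 300 1700000000 1700000060 REJECT OK 2",
    "3 123456789012 eni-0a1b2c3d4e5f6a7b8 vpc-0123456789abcdef0 subnet-0123456789abcdef0 "
    "10.0.2.40 10.0.1.25 44010 443 6 20 4800 1700000000 1700000060 ACCEPT OK 19",
    # NODATA record: no traffic in the window, so most fields are '-'.
    "3 123456789012 eni-0a1b2c3d4e5f6a7b8 vpc-0123456789abcdef0 subnet-0123456789abcdef0 "
    "- - - - - - - 1700000060 1700000120 - NODATA -",
    "3 123456789012 eni-0a1b2c3d4e5f6a7b8 vpc-0123456789abcdef0 subnet-0123456789abcdef0 "
    "198.51.100.10 10.0.1.25 54322 3389 6 4 240 1700000120 1700000180 REJECT OK 2",
    "3 123456789012 eni-0a1b2c3d4e5f6a7b8 vpc-0123456789abcdef0 subnet-0123456789abcdef0 "
    "203.0.113.7 10.0.1.25 40001 22 6 3 180 1700000120 1700000180 REJECT OK 2",
]


def parse_record(line, fields):
    """Map one record onto the field names; '-' becomes None, numerics become int."""
    parts = line.split()
    if len(parts) != len(fields):
        raise ValueError(f"expected {len(fields)} fields, got {len(parts)}: {line!r}")
    rec = {}
    for name, value in zip(fields, parts):
        if value == "-":
            rec[name] = None
        elif name in INT_FIELDS:
            rec[name] = int(value)
        else:
            rec[name] = value
    return rec


def summarise_rejects(lines, fields):
    """Count REJECT flows per (dstaddr, dstport, protocol), ignoring NODATA/SKIPDATA."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line, fields)
        if rec["log-status"] != "OK":
            continue  # no usable flow data in this record
        if rec["action"] == "REJECT":
            counts[(rec["dstaddr"], rec["dstport"], rec["protocol"])] += 1
    return counts


if __name__ == "__main__":
    for (dst, port, proto), n in summarise_rejects(SAMPLE_RECORDS, FIELDS).items():
        print(f"{dst}:{port}/{proto} rejected {n} time(s)")
```

The field-count check is deliberate: if the format string used to create the flow log is changed (for example, a field is added), every record shifts and silently parsing it would attribute values to the wrong fields. Failing loudly is the safer behaviour for detection logic built on these records.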