VPC Flow Log

VPC Flow Logs

It’s a feature that helps us capture the metadata information about a Packet passing through a Network Interface.

Remember, it does not capture the packet contents; we need to use the packet sniffer tool for that purpose. Also, VPC flow logs do not capture the information in real-time from network interfaces.

Usually, VPC flow logs can be enabled at three levels:

  1. VPC
  2. Subnet
  3. Individual Network Interface.

Refer to the GitHub link that allows you to create VPC Flow logs at the VPC level for ALL traffic to a Cloudwatch log group. We are using a Custom format to capture the VPC Flow logs.

Further details on the deployment and how to understand log fields are explained in the GitHub files.

For a detailed explanation, refer to the AWS documentation

Leave a Reply