VPC Flow Logs
💡 Definition
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
🔑 Key Concepts
- Traffic Logging: Captures metadata about network traffic, not the actual content of the traffic itself.
- Source & Destination: Logs information like source/destination IP addresses, ports, protocol, and whether the traffic was accepted or rejected.
- Levels of Logging: Can be enabled for a VPC, a Subnet, or an individual Network Interface.
- Destination: Flow log data can be published to CloudWatch Logs or an S3 bucket.
⚙️ How it Works
- Enable: You create a flow log, specifying the resource to monitor and the destination for the logs.
- Capture: The service starts capturing traffic metadata for the specified resource.
- Analyze: You can analyze the logs using tools like CloudWatch Logs Insights or Athena (if logs are in S3) to troubleshoot issues or understand traffic patterns.
🎯 Use Cases
- Troubleshooting Connectivity: Diagnosing why traffic is not reaching an instance (e.g., blocked by a Security Group or NACL).
- Security Analysis: Monitoring for anomalous traffic or investigating security incidents.
- Network Optimization: Understanding traffic patterns to optimize network design.
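The troubleshooting and security-analysis use cases above come down to reading the accepted/rejected metadata out of each record. The following is an added example, not part of the original notes or any AWS code: a small parser for records in the default flow log format (version 2 field order: version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status) that summarises which sources are being rejected on which destination ports. The sample records are constructed.

```python
"""Parse default-format VPC Flow Log records and summarise ACCEPT/REJECT traffic.

Added example for these notes, not AWS code. The sample records are constructed;
the field layout is the documented default flow log format (version 2).
"""
from collections import Counter

# Constructed sample: one accepted SSH session, two rejected RDP probes from the
# same source, one rejected SSH probe, and a NODATA record (no traffic fields).
SAMPLE_LOG = """\
2 111111111111 eni-0a1b2c3d4e5f67890 10.0.1.10 10.0.2.20 54321 22 6 20 4249 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.2.20 40000 3389 6 1 40 1700000000 1700000060 REJECT OK
2 111111111111 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.2.20 40001 3389 6 1 40 1700000000 1700000060 REJECT OK
2 111111111111 eni-0a1b2c3d4e5f67890 203.0.113.9 10.0.2.20 40002 22 6 1 40 1700000000 1700000060 REJECT OK
2 111111111111 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

def parse_flow_log(text):
    """Yield one dict per usable record. Records whose log-status is not OK
    (NODATA, SKIPDATA) carry '-' in the traffic fields and are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # not a default-format record (e.g. a custom format)
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        yield rec

def action_counts(text):
    """How many flows were ACCEPTed vs REJECTed: the basic troubleshooting question."""
    return Counter(rec["action"] for rec in parse_flow_log(text))

def rejected_by_source(text):
    """Rejected flows grouped by (source address, destination port), which shows
    which sources are hitting ports a Security Group or NACL is blocking."""
    return Counter((rec["srcaddr"], rec["dstport"])
                   for rec in parse_flow_log(text) if rec["action"] == "REJECT")

if __name__ == "__main__":
    print(action_counts(SAMPLE_LOG))
    for (src, port), n in rejected_by_source(SAMPLE_LOG).most_common():
        print(f"{src} -> port {port}: {n} rejected flow(s)")
```

The same grouping is what a CloudWatch Logs Insights or Athena query would do at scale; the parser here is just the offline equivalent for a handful of records.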
💰 Pricing Model
- Data Ingestion/Delivery: You are charged for the amount of log data published to CloudWatch Logs or S3.
- Storage: You also pay for the storage of the logs in their respective destinations.
📝 Exam Tips (CLF-C02)
- Keywords: "Capture IP traffic", "Network troubleshooting", "Monitor network traffic".
- It helps answer questions about what traffic is being accepted or rejected.
- Does not capture the actual data packets, only metadata about the connection.
See Also:
- VPC
- CloudTrail (logs API calls, whereas Flow Logs log network traffic)
- CloudWatch Logs