  • VPC Flow Logs monitor the inbound and outbound traffic of the network interfaces within your VPC
  • You can turn on Flow Logs at the VPC, subnet or network interface level
  • VPC Flow Logs cannot be tagged like other AWS resources
  • You cannot change the configuration of a flow log after it’s created
  • You cannot enable flow logs for VPCs which are peered with your VPC unless it is in the same account
  • VPC Flow Logs can be delivered to an S3 bucket or CloudWatch Logs
  • VPC Flow Logs contain the source and destination IP addresses (not hostnames)
  • Some instance traffic is not monitored:
    • Instance traffic generated by contacting the AWS DNS servers
    • Windows license activation traffic from instances
    • Traffic to and from the instance metadata address (169.254.169.254)
    • DHCP traffic
    • Any traffic to the reserved IP address of the default VPC router
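
Added example (not part of the original notes): a small Python classifier that flags flows falling into the exclusions listed above, useful when working out what a flow-log-based detection cannot see. The specific addresses and ports (Amazon DNS at the VPC base address plus two and 169.254.169.253, the router at the subnet base plus one, Windows activation on 169.254.169.250/251 TCP 1688, DHCP on UDP 67/68) are assumptions taken from AWS documentation, and the sample flows are constructed.

```python
import ipaddress

# Assumed from AWS documentation, not stated in the notes above.
METADATA = ipaddress.ip_address("169.254.169.254")
LINK_LOCAL_DNS = ipaddress.ip_address("169.254.169.253")
WINDOWS_KMS = {ipaddress.ip_address("169.254.169.250"),
               ipaddress.ip_address("169.254.169.251")}
TCP, UDP, ICMP = 6, 17, 1


def unlogged_reason(vpc_cidr, subnet_cidr, src, dst, proto, src_port, dst_port):
    """Return why Flow Logs would not record this flow, or None if they would."""
    vpc = ipaddress.ip_network(vpc_cidr)
    subnet = ipaddress.ip_network(subnet_cidr)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    amazon_dns = {vpc.network_address + 2, LINK_LOCAL_DNS}
    router = subnet.network_address + 1

    if METADATA in (src, dst):                      # to and from metadata
        return "instance metadata"
    if proto == UDP and {src_port, dst_port} == {67, 68}:
        return "DHCP"
    if dst in amazon_dns and dst_port == 53:        # only the AWS resolver
        return "AWS DNS"
    if dst in WINDOWS_KMS and proto == TCP and dst_port == 1688:
        return "Windows license activation"
    if dst == router:                               # traffic *to* the router
        return "VPC router"
    return None


# Constructed sample flows: (src, dst, proto, src_port, dst_port)
SAMPLE_FLOWS = [
    ("10.0.1.25", "10.0.0.2", UDP, 40000, 53),         # AWS resolver
    ("10.0.1.25", "10.0.1.50", UDP, 40001, 53),        # self-hosted resolver
    ("169.254.169.254", "10.0.1.25", TCP, 80, 51000),  # metadata reply
    ("10.0.1.25", "10.0.1.1", UDP, 68, 67),            # DHCP
    ("10.0.1.25", "10.0.1.1", ICMP, 0, 0),             # ping the router
    ("10.0.1.25", "203.0.113.10", TCP, 51001, 443),    # ordinary egress
]


def classify_samples(vpc_cidr="10.0.0.0/16", subnet_cidr="10.0.1.0/24"):
    """Map each sample flow to its exclusion reason (None means logged)."""
    return [unlogged_reason(vpc_cidr, subnet_cidr, *f) for f in SAMPLE_FLOWS]


if __name__ == "__main__":
    for flow, reason in zip(SAMPLE_FLOWS, classify_samples()):
        print(flow, "->", reason or "logged")
```

Flows that return a reason need another telemetry source (for example host-level logging) if you want visibility into them.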