
This article follows our previous one on AWS log monitoring, CloudTrail vs CloudWatch.

VPC Flow Logs

Keywords: Network, VPC, Subnet, interface, monitoring

VPC Flow Logs is an Amazon Web Services feature that lets you capture information about the IP traffic going to and from network interfaces in a Virtual Private Cloud (VPC).

This log data can be published to Amazon S3 or to CloudWatch Logs. Once you have set up Flow Logs, you can retrieve and inspect the captured records. Flow Logs can be used for a variety of tasks, including:

  • Diagnosing overly restrictive security group rules
  • Monitoring the traffic that reaches your instances
  • Determining the direction of traffic to and from a network interface

Flow log data is captured outside the path of your network traffic, so enabling it does not affect network throughput or latency.

What are the benefits?

With flow logging we can detect network latency, establish performance baselines, and tune the application accordingly. The records expose latency, flow duration, and bytes transferred, so performance issues can be pinpointed quickly and accurately. Finally, it lets you record and analyze the IP traffic entering and leaving the network interfaces in a VPC.

So how does it work?

When you create Flow Logs for a VPC, they capture traffic for the VPC, its subnets, and every network interface in it by default. Flow log data is recorded as flow log records. When creating Flow Logs you specify the resource whose traffic you want to capture, the type of traffic to capture, and the destination to which the data is published.
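As an added example (not code from the original post), a small parser for records in the default flow log format that answers the question a security group diagnosis raises: which connections to an instance were accepted and which were rejected. The account id, ENI id and log lines are constructed placeholders.

```python
"""Parse VPC Flow Log records (default format, version 2) and report which
connections to an instance were accepted or rejected. Added example, not from
the original post; account id, ENI id and records are constructed placeholders."""
from collections import Counter
from typing import Dict, List, Union

# Field order of the default flow log format (version 2), space-separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
NUMERIC = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample records: one accepted SSH flow, two rejected RDP attempts
# from the same peer, one accepted HTTPS flow, and one SKIPDATA record.
SAMPLE_RECORDS = """\
2 111111111111 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.1.10 49152 22 6 12 1860 1650000000 1650000060 ACCEPT OK
2 111111111111 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 51000 3389 6 3 180 1650000000 1650000060 REJECT OK
2 111111111111 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 51001 3389 6 3 180 1650000060 1650000120 REJECT OK
2 111111111111 eni-0a1b2c3d4e5f67890 203.0.113.9 10.0.1.10 44000 443 6 8 4100 1650000000 1650000060 ACCEPT OK
2 111111111111 eni-0a1b2c3d4e5f67890 - - - - - - - 1650000120 1650000180 - SKIPDATA
"""

Record = Dict[str, Union[str, int, None]]

def parse_record(line: str) -> Record:
    values = line.split()
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}: {line!r}")
    record: Record = {}
    for name, value in zip(FIELDS, values):
        # NODATA/SKIPDATA records carry '-' where numbers would normally be,
        # so convert only real numeric values and keep '-' as None.
        if name in NUMERIC:
            record[name] = None if value == "-" else int(value)
        else:
            record[name] = value
    return record

def parse_records(text: str) -> List[Record]:
    return [parse_record(line) for line in text.splitlines() if line.strip()]

def actions_for_destination(records: List[Record], dstaddr: str) -> Counter:
    """Count ACCEPT/REJECT decisions for flows aimed at one instance address."""
    return Counter(r["action"] for r in records if r["dstaddr"] == dstaddr)

def rejected_peers(records: List[Record]) -> Counter:
    """Count rejected flows per (source, destination port): what a security
    group or network ACL is blocking, which also surfaces port probing."""
    return Counter((r["srcaddr"], r["dstport"]) for r in records if r["action"] == "REJECT")
```

Records published to S3 or CloudWatch Logs in the default format can be fed line by line to `parse_records`; a custom format with a different field list needs `FIELDS` adjusted to match.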

Conclusion

CloudWatch monitors your applications and AWS resources and reports on their health and performance, while CloudTrail records account activity within your AWS environment: CloudWatch is about performance, CloudTrail about activity.

VPC Flow Logs, on the other hand, record traffic entering and leaving the network. For example, they show whether a connection from a computer to your EC2 instance was accepted or rejected. VPC Flow Logs tell you who is reaching your virtual machine over the network, while CloudTrail tells you who is using your AWS account.

In brief:

  • CloudWatch: what is going on in AWS? Logs everything about a particular service or application.
  • CloudTrail: who did what in AWS? Records the API calls made to services and resources.
  • VPC Flow Logs: which IP traffic flows between network interfaces in a VPC, and was it accepted or rejected?