Monitor Network Traffic with VPC Flow Logs
Monitoring Network Traffic
The CIS AWS Foundations Benchmark says that in order to capture information about the IP traffic going to and from network interfaces in your VPC, you must enable the VPC Flow Log feature in all VPCs. VPC flow logs enable you to:
- Diagnose overly-restrictive security group rules
- Monitor the traffic that is reaching your instance
- Determining the direction of the traffic to and from the network interfaces
For more information on how to monitor network traffic in your VPC, visit the AWS documentation on VPC flow logs.
Transcription
AWS VPC flow logs monitor the network traffic to and from network devices in your virtual private clouds. It’s important to create a flow log for these which will automatically record network communication at a VPC level to your CloudTrail log for monitoring, alerting, and retention.
Related Videos
Attributes of Log Data
Audit Trail Review with Kibana, Athena, and GuardDuty
Audit Your Security Groups for Insecure Ports and Protocols
Change-Detection Solutions in AWS
CloudTrail and CloudWatch Integration
Enabling AWS Config in All Regions
Enabling CloudTrail Log File Validation
Enabling CloudTrail in All Regions
Ensure ALBs Have WAF ACLs Attached
Ensure RDS Instances are Only Accessible by Internal IPs
Ensuring Role Assumption is Logged
Filters and Alarms in CloudWatch
GuardDuty Alerts for Control Failures
How to Edit Inbound Traffic Rules for Default Security Groups
Identify Unrestricted Access to Ports for Security Groups
Identify if EC2 Instances Are Directly Connected to the Internet
Logging Tools in AWS
Logging Web ACL Data in Amazon Kinesis
Protecting API Gateways with WAF Rules
Restrict Access to CloudTrail Logs in S3 Buckets
Restrict Security Group Access to All Ports
Retaining Your Audit Trail in AWS
Routing Outbound Traffic Through NAT Gateways
Securing Your Log Files
Using Amazon Time Sync Service
