Traffic Mirroring and VPC Flow Logs - Amazon Virtual Private Cloud

Traffic Mirroring and VPC Flow Logs

You can use Traffic Mirroring and VPC Flow Logs to monitor your VPC traffic. With VPC Flow Logs, you can collect, store, and analyze network flow logs. Flow logs capture information about the following:

  • Allowed and denied traffic

  • Source and destination IP addresses

  • Ports

  • Protocol number

  • Packet and byte counts

  • Action taken (accept or reject)

You can use VPC Flow Logs to troubleshoot connectivity and security issues, and to make sure that the network access rules are working as expected.
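The following added example (not part of the original AWS page) shows one way to check that access rules behave as expected: it parses flow log records and totals rejected packets per source address and destination port. It assumes the records use the default version 2 space-separated format; the sample records, interface IDs, and function names are constructed for illustration.

```python
from collections import Counter, namedtuple

# Field order of the default (version 2) flow log record format (assumed here).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
FlowRecord = namedtuple("FlowRecord", FIELDS)

# Constructed sample records (documentation address ranges, placeholder IDs).
SAMPLE = """\
2 123456789012 eni-0example1 198.51.100.7 10.0.1.20 49152 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example1 198.51.100.7 10.0.1.20 49153 22 6 2 120 1700000060 1700000120 REJECT OK
2 123456789012 eni-0example1 10.0.1.20 10.0.2.30 44321 5432 6 40 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example1 203.0.113.9 10.0.1.20 53211 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example2 - - - - - - - 1700000000 1700000060 - NODATA
malformed line
"""

def parse(line):
    """Return a FlowRecord, or None for malformed or no-traffic records."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        return None  # header line, custom format, or truncated record
    rec = FlowRecord(*parts)
    # NODATA/SKIPDATA records carry "-" in the traffic fields; skip them.
    if rec.log_status != "OK":
        return None
    return rec._replace(srcport=int(rec.srcport), dstport=int(rec.dstport),
                        protocol=int(rec.protocol), packets=int(rec.packets),
                        bytes=int(rec.bytes))

def rejected_summary(text):
    """Total rejected packets per (source address, destination port, protocol)."""
    rejects = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec.action == "REJECT":
            rejects[(rec.srcaddr, rec.dstport, rec.protocol)] += rec.packets
    return rejects

if __name__ == "__main__":
    for (src, port, proto), pkts in rejected_summary(SAMPLE).most_common():
        print(f"{src} -> port {port} (protocol {proto}): {pkts} rejected packets")
```

A REJECT total on a port you intended to open, or the absence of one on a port you intended to block, points to a rule that is not working as expected.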

Traffic Mirroring provides deeper insight into network traffic by letting you analyze the actual traffic content, including the payload. Traffic Mirroring is intended for the following types of cases:

  • Analyzing the actual packets to perform a root-cause analysis on a performance issue

  • Reverse-engineering a sophisticated network attack

  • Detecting and stopping insider abuse or compromised workloads