Traffic mirror session concepts - Amazon Virtual Private Cloud

Traffic mirror session concepts

A traffic mirror session establishes a relationship between a traffic mirror source and a traffic mirror target. Traffic mirror sessions are evaluated based on the ascending session number that you define when you create the session.

A traffic mirror session contains the following resources:

Each packet is mirrored once. However, you can use multiple traffic mirror sessions on the same mirror source. This is useful if you want to send a subset of the mirrored traffic from a traffic mirror source to multiple tools. For example, you can filter HTTP traffic in a higher priority traffic mirror session and send it to a specific monitoring appliance. At the same time, you can filter all other TCP traffic in a lower priority traffic mirror session and send it to another monitoring appliance.

Traffic mirror sources

A traffic mirror source is the network interface of type interface. For example, a network interface for an EC2 instance or an RDS instance.

A network interface can't be a traffic mirror target and a traffic mirror source in the same traffic mirror session.

Traffic Mirroring is not available on all instance types.

Instance types
  • Traffic Mirroring is not available on the following virtualized Nitro instance types:

    • General purpose: M6a, M6i, M6in, M7g, M7i, M7i-flex

    • Compute optimized: C6a, C6gn, C6i, C6id, C6in, C7g, Hpc6a

    • Memory optimized: R6a, R6i, R6id, R6idn, R6in, R7g, R7iz, X2idn, X2iedn, X2iezn

    • Storage optimized: I4g, I4i, Im4gn, Is4gen

    • Accelerated computing: Inf2, Trn1

  • Traffic Mirroring is not available on bare metal instances.

  • Traffic Mirroring is available only on the following non-Nitro instances types: C4, D2, G3, G3s, H1, I3, M4, P2, P3, R4, X1, and X1e. Note that this does not include T2 instances.