Traffic mirror filters - Amazon Virtual Private Cloud

Traffic mirror filters

Use a traffic mirror filter and its rules to determine the traffic that is mirrored. A traffic mirror filter contains one or more traffic mirror rules. For more information, see Traffic mirror filter concepts.

Rules are evaluated in order of rule number, from the lowest to the highest. The first rule that matches the traffic determines the action: accept mirrors the packet, reject does not. Traffic that matches no rule is not mirrored. Inbound and outbound are relative to the mirror source, that is, the network interface whose traffic is being mirrored.

Create a traffic mirror filter

To create a traffic mirror filter using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror filters.

  3. Choose Create traffic mirror filter.

  4. (Optional) For Name tag, enter a name for the traffic mirror filter.

  5. (Optional) For Description, enter a description for the traffic mirror filter.

  6. (Optional) If you need to mirror Amazon DNS traffic, select amazon-dns.

  7. For each rule, inbound or outbound, choose Add rule, and then specify the following information:

    • Number: The rule number. Rules with lower numbers are evaluated first.

    • Rule action: Indicates whether to accept or reject the packets.

    • Protocol: The protocol.

    • (Optional) Source port range: The source port range.

    • (Optional) Destination port range: The destination port range.

    • Source CIDR block: The source CIDR block. The source and destination CIDR blocks must both be either IPv4 ranges or IPv6 ranges.

    • Destination CIDR block: The destination CIDR block. The source and destination CIDR blocks must both be either IPv4 ranges or IPv6 ranges.

    • Description: A description for the rule.

  8. (Optional) For each tag to add, choose Add new tag and enter the tag key and tag value.

  9. Choose Create.

To create a traffic mirror filter using the AWS CLI

Use the create-traffic-mirror-filter command to create the filter, then use the create-traffic-mirror-filter-rule command once for each inbound or outbound rule. To mirror Amazon DNS traffic, use the modify-traffic-mirror-filter-network-services command to enable amazon-dns.
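The procedure above, carried out end to end with the AWS CLI, as an added example that is not part of the AWS documentation. It assumes AWS CLI v2 with credentials permitted to call ec2:CreateTrafficMirrorFilter, ec2:CreateTrafficMirrorFilterRule, ec2:ModifyTrafficMirrorFilterNetworkServices and ec2:DescribeTrafficMirrorFilters; the filter name, description and the choice to exclude SSH are constructed for the example. The point it shows is the ordering rule from the start of this page: a reject rule only has an effect if its number is lower than the catch-all accept, because the first matching rule wins.

```shell
#!/bin/sh
# Added example, not from the AWS documentation: create a traffic mirror
# filter with the AWS CLI and order its rules so that the reject rule is
# consulted before the catch-all accept. Assumes AWS CLI v2 with credentials
# that allow ec2:CreateTrafficMirrorFilter, ec2:CreateTrafficMirrorFilterRule,
# ec2:ModifyTrafficMirrorFilterNetworkServices and ec2:DescribeTrafficMirrorFilters.
# Nothing is called unless TM_APPLY=1 is set (see the foot of the file).
set -eu

# tm_create_filter DESCRIPTION NAME  -> prints the new filter ID (tmf-...)
tm_create_filter() {
  aws ec2 create-traffic-mirror-filter \
    --description "$1" \
    --tag-specifications "ResourceType=traffic-mirror-filter,Tags=[{Key=Name,Value=$2}]" \
    --query 'TrafficMirrorFilter.TrafficMirrorFilterId' --output text
}

# tm_add_rule FILTER_ID DIRECTION NUMBER ACTION PROTOCOL SRC_CIDR DST_CIDR SRC_PORT DST_PORT
#   DIRECTION: ingress|egress (relative to the mirror source's network interface)
#   ACTION:    accept|reject
#   PROTOCOL:  IANA protocol number (6 = TCP, 17 = UDP) or "all" to omit the flag
#   SRC_PORT / DST_PORT: a single port, or "-" to leave that port range unset
# Prints the new rule ID (tmfr-...).
tm_add_rule() {
  r_fid=$1 r_dir=$2 r_num=$3 r_act=$4 r_proto=$5 r_src=$6 r_dst=$7 r_sport=$8 r_dport=$9
  set -- --traffic-mirror-filter-id "$r_fid" --traffic-direction "$r_dir" \
         --rule-number "$r_num" --rule-action "$r_act" \
         --source-cidr-block "$r_src" --destination-cidr-block "$r_dst"
  [ "$r_proto" = all ] || set -- "$@" --protocol "$r_proto"
  [ "$r_sport" = - ]   || set -- "$@" --source-port-range "FromPort=$r_sport,ToPort=$r_sport"
  [ "$r_dport" = - ]   || set -- "$@" --destination-port-range "FromPort=$r_dport,ToPort=$r_dport"
  aws ec2 create-traffic-mirror-filter-rule "$@" \
    --query 'TrafficMirrorFilterRule.TrafficMirrorFilterRuleId' --output text
}

# Build the filter. Rule 10 rejects SSH in both directions (port 22 is the
# destination on ingress and the source on egress); rule 100 accepts everything
# else. Rules are evaluated from the lowest number upwards and the first match
# wins, so the reject must carry the lower number: with the numbers swapped,
# rule 100 would match every packet and the reject would never be consulted.
tm_build_filter() {
  b_fid=$(tm_create_filter "Mirror app traffic, excluding SSH" "app-mirror")
  tm_add_rule "$b_fid" ingress 10  reject 6   0.0.0.0/0 0.0.0.0/0 -  22 >/dev/null
  tm_add_rule "$b_fid" egress  10  reject 6   0.0.0.0/0 0.0.0.0/0 22 -  >/dev/null
  tm_add_rule "$b_fid" ingress 100 accept all 0.0.0.0/0 0.0.0.0/0 -  -  >/dev/null
  tm_add_rule "$b_fid" egress  100 accept all 0.0.0.0/0 0.0.0.0/0 -  -  >/dev/null
  # CIDR rules do not cover Amazon DNS; it is mirrored only when the
  # amazon-dns network service is enabled on the filter.
  aws ec2 modify-traffic-mirror-filter-network-services \
    --traffic-mirror-filter-id "$b_fid" --add-network-service amazon-dns >/dev/null
  echo "$b_fid"
}

# tm_show_rules FILTER_ID -> table of all rules, inbound and outbound, in evaluation order
tm_show_rules() {
  aws ec2 describe-traffic-mirror-filters --traffic-mirror-filter-ids "$1" \
    --query 'TrafficMirrorFilters[0].[IngressFilterRules, EgressFilterRules][] | sort_by(@, &RuleNumber)[].[RuleNumber, TrafficDirection, RuleAction, Protocol, SourcePortRange.FromPort, DestinationPortRange.FromPort]' \
    --output table
}

if [ "${TM_APPLY:-0}" = 1 ]; then
  TM_FID=$(tm_build_filter)
  tm_show_rules "$TM_FID"
fi
```

Run it with `TM_APPLY=1 sh mirror-filter.sh` to create the filter and print its rules sorted by number, which is the order in which they are evaluated. The 0.0.0.0/0 rules match IPv4 only; because a rule's source and destination CIDR blocks must be of the same family, IPv6 traffic needs its own pair of rules with ::/0.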

View your traffic mirror filters

To view your traffic mirror filters using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror filters.

  3. Select the ID of the traffic mirror filter to open its details page.

To view your traffic mirror filters using the AWS CLI

Use the describe-traffic-mirror-filters command.

Modify your traffic mirror filter rules

To modify your traffic mirror filter using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror filters.

  3. Select the ID of the traffic mirror filter to open its details page.

  4. For each rule to add, choose either Inbound rules, Add inbound rule or Outbound rules, Add outbound rule. Specify the following information, and then choose Add rule:

    • Rule number: The rule number. Rules with lower numbers are evaluated first.

    • (Optional) Description: A description for the rule.

    • Rule action: Indicates whether to accept or reject the packets.

    • Protocol: The protocol.

    • (Optional) Source port range: The source port range.

    • (Optional) Destination port range: The destination port range.

    • Source CIDR block: The source CIDR block. The source and destination CIDR blocks must both be either IPv4 ranges or IPv6 ranges.

    • Destination CIDR block: The destination CIDR block. The source and destination CIDR blocks must both be either IPv4 ranges or IPv6 ranges.

  5. For each rule to modify, select the rule and choose Modify inbound rule or Modify outbound rule. Update the rule as needed, and then choose Modify rule.

  6. For each rule to delete, select the rule and choose Delete. When prompted for confirmation, enter delete, and then choose Delete.

Modify traffic mirror filter tags

To modify your traffic mirror filter tags using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror filters.

  3. Select the ID of the traffic mirror filter to open its details page.

  4. From the Tags tab, choose Manage tags.

  5. For each tag to add, choose Add new tag and enter the tag key and tag value.

  6. For each tag to remove, choose Remove.

  7. Choose Save.

To modify the traffic mirror filter tags using the AWS CLI

Use the create-tags command to add a tag. Use the delete-tags command to remove a tag.

Modify traffic mirror filter network services

To modify your traffic mirror filter network services using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror filters.

  3. Select the radio button for the traffic mirror filter.

  4. Choose Actions, Modify Network Services.

  5. If you need to mirror Amazon DNS traffic, select amazon-dns. Otherwise, clear amazon-dns.

  6. Choose Modify.

To modify your traffic mirror filter network services using the AWS CLI

Use the modify-traffic-mirror-filter-network-services command.

Delete a traffic mirror filter

Before you can delete a traffic mirror filter, it must not be referenced by any traffic mirror session. A session cannot exist without a filter, so either delete the sessions that use the filter or modify them to use a different filter.

To delete a traffic mirror filter using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror filters.

  3. Select the traffic mirror filter, and then choose Actions, Delete.

  4. When prompted for confirmation, enter delete, and then choose Delete.

To delete a traffic mirror filter using the AWS CLI

Use the delete-traffic-mirror-filter command.
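The pre-delete check a practitioner wants, as an added example that is not part of the AWS documentation: list the traffic mirror sessions that still reference the filter and refuse to delete while any remain, instead of discovering the dependency from the failed delete call. It assumes AWS CLI v2 with ec2:DescribeTrafficMirrorSessions and ec2:DeleteTrafficMirrorFilter permissions; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example, not from the AWS documentation: delete a traffic mirror
# filter only after confirming that no traffic mirror session still uses it.
# Assumes AWS CLI v2 with credentials that allow
# ec2:DescribeTrafficMirrorSessions and ec2:DeleteTrafficMirrorFilter.
set -eu

# tm_sessions_using FILTER_ID -> whitespace-separated session IDs (empty if none)
tm_sessions_using() {
  aws ec2 describe-traffic-mirror-sessions \
    --filters "Name=traffic-mirror-filter-id,Values=$1" \
    --query 'TrafficMirrorSessions[].TrafficMirrorSessionId' --output text
}

# tm_delete_filter FILTER_ID -> returns 0 after deleting, 1 (with a message on
# stderr) if a session still references the filter.
tm_delete_filter() {
  d_sessions=$(tm_sessions_using "$1")
  # "--output text" prints nothing for an empty list and "None" for a null result.
  if [ -n "$d_sessions" ] && [ "$d_sessions" != None ]; then
    echo "refusing to delete $1: still used by session(s) $d_sessions" >&2
    echo "delete those sessions (aws ec2 delete-traffic-mirror-session) or point them at another filter (aws ec2 modify-traffic-mirror-session --traffic-mirror-filter-id ...) first" >&2
    return 1
  fi
  aws ec2 delete-traffic-mirror-filter --traffic-mirror-filter-id "$1" >/dev/null
}

# Usage: TM_APPLY=1 sh delete-mirror-filter.sh tmf-0123456789abcdef0
if [ "${TM_APPLY:-0}" = 1 ] && [ $# -eq 1 ]; then
  tm_delete_filter "$1"
fi
```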