Amazon Virtual Private Cloud
Traffic Mirroring

Traffic Mirror Filters

Use a traffic mirror filter and its rules to define the traffic that is mirrored. A traffic mirror filter contains one or more traffic mirror rules, and a set of network services.

A rule is a set of parameters that is applied to the traffic of the mirror source to decide whether that traffic is mirrored. The following traffic mirror filter rule parameters are available:

  • Traffic direction: Inbound or outbound

  • Action: The action to take, either to accept or reject the packet

  • Protocol: The L4 protocol

  • Source port range

  • Destination port range

  • Source CIDR block

  • Destination CIDR block

Create a Traffic Mirror Filter

Create a traffic mirror filter and add rules to it to define the traffic that is mirrored. A traffic mirror filter contains one or more traffic mirror rules, and a set of network services.

The Source CIDR block and Destination CIDR block values must both be either an IPv4 range or an IPv6 range.

To create a traffic mirror filter using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the Region selector, choose the AWS Region that you used when you created the VPCs.

  3. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  4. Choose Create traffic mirror filter.

  5. For Name tag, enter a name for the traffic mirror filter.

  6. (Optional) For Description, enter a description for the traffic mirror filter.

  7. (Optional) Mirror network services.

    [Mirror Amazon DNS traffic] Select amazon-dns.

  8. (Optional) Add inbound rules. Choose Inbound rules, Add rule, and then specify the following information about the traffic mirror source inbound traffic:

    • Rule number: Enter a priority to assign to the rule.

    • Rule action: Choose the action to take for the packet.

    • Protocol: Choose the L4 protocol to assign to the rule.

    • (Optional) Source port range: Enter the source port range.

    • (Optional) Destination port range: Enter the destination port range.

    • Source CIDR block: Enter a source CIDR block.

    • Destination CIDR block: Enter a destination CIDR block.

    • (Optional) Description: Enter a description for the rule.

    Repeat for each inbound rule that you want to add.

  9. (Optional) Add outbound rules. Choose Outbound rules, Add rule, and then specify the following information about the traffic mirror source outbound traffic:

    • Rule number: Enter a priority to assign to the rule.

    • Rule action: Choose the action to take for the packet.

    • Protocol: Choose the L4 protocol to assign to the rule.

    • (Optional) Source port range: Enter the source port range.

    • (Optional) Destination port range: Enter the destination port range.

    • Source CIDR block: Enter a source CIDR block.

    • Destination CIDR block: Enter a destination CIDR block.

    • (Optional) Description: Enter a description for the rule.

    Repeat for each outbound rule that you want to add.

  10. (Optional) Add or remove a tag.

    [Add a tag] Choose Add tag and do the following:

    • For Key, enter the key name.

    • For Value, enter the key value.

    [Remove a tag] Next to the tag, choose Remove tag.

  11. Choose Create.

To create a traffic mirror filter using the AWS CLI

Use the create-traffic-mirror-filter command.
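The following is an added example, not AWS code or CLI output: a local model of the rule parameters listed above (direction, rule number, action, protocol, port ranges, CIDR blocks) that enforces the constraint that both CIDR blocks are the same IP family and evaluates whether a given packet would be mirrored. It assumes, as this page does not state, that rules for a direction are evaluated in ascending rule-number order, that the first match decides accept or reject, and that an unmatched packet is not mirrored; the sample rules and packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed semantics (not stated on this page): per direction, rules are evaluated in
# ascending rule-number order, the first match decides, and no match means not mirrored.

@dataclass(frozen=True)
class MirrorRule:
    direction: str                     # "ingress" (inbound) or "egress" (outbound)
    rule_number: int                   # priority; lower numbers are evaluated first
    action: str                        # "accept" (mirror) or "reject" (do not mirror)
    protocol: Optional[int]            # L4 protocol number (6 = TCP, 17 = UDP); None = any
    source_cidr: str
    destination_cidr: str
    source_ports: Optional[Tuple[int, int]] = None       # inclusive (from, to)
    destination_ports: Optional[Tuple[int, int]] = None  # inclusive (from, to)

    def __post_init__(self):
        src = ipaddress.ip_network(self.source_cidr, strict=False)
        dst = ipaddress.ip_network(self.destination_cidr, strict=False)
        # Constraint from the page: both CIDR blocks must be IPv4 or both IPv6.
        if src.version != dst.version:
            raise ValueError("source and destination CIDR blocks must be the same IP family")
        if self.direction not in ("ingress", "egress") or self.action not in ("accept", "reject"):
            raise ValueError("direction must be ingress/egress and action accept/reject")

    def matches(self, pkt: dict) -> bool:
        if pkt["direction"] != self.direction:
            return False
        if self.protocol is not None and pkt["protocol"] != self.protocol:
            return False
        # ip_network containment is False across IPv4/IPv6 families, so no extra check is needed
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.source_cidr, strict=False):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.destination_cidr, strict=False):
            return False
        for rng, port in ((self.source_ports, pkt.get("sport")), (self.destination_ports, pkt.get("dport"))):
            if rng is not None and (port is None or not rng[0] <= port <= rng[1]):
                return False
        return True

def should_mirror(rules, pkt: dict) -> bool:
    """True if the filter would mirror this packet; False if rejected or unmatched."""
    for rule in sorted((r for r in rules if r.direction == pkt["direction"]), key=lambda r: r.rule_number):
        if rule.matches(pkt):
            return rule.action == "accept"
    return False

# Constructed sample filter: mirror inbound HTTPS into the 10.0.1.0/24 subnet, exclude all other inbound traffic.
SAMPLE_RULES = [
    MirrorRule("ingress", 10, "accept", 6, "10.0.0.0/16", "10.0.1.0/24", destination_ports=(443, 443)),
    MirrorRule("ingress", 100, "reject", None, "0.0.0.0/0", "0.0.0.0/0"),
]
```

Running the same rule set through this model before creating it with create-traffic-mirror-filter and create-traffic-mirror-filter-rule helps catch a rule that silently mirrors nothing, or more than intended, due to ordering.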

Modify Your Traffic Mirror Filter Rules

Add or remove inbound and outbound traffic mirror filter rules.

The Source CIDR block and Destination CIDR block values must both be either an IPv4 range or an IPv6 range.

To modify your traffic mirror filter using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the Region selector, choose the AWS Region that you used when you created the traffic mirror filter.

  3. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  4. Select the traffic mirror filter.

  5. Add inbound rules. Choose Inbound rules, Add inbound rule, and then specify the following information about the traffic mirror source inbound traffic:

    • Rule number: Enter a priority to assign to the rule.

    • Rule action: Choose the action to take for the packet.

    • Protocol: Choose the L4 protocol to assign to the rule.

    • (Optional) Source port range: Enter the source port range.

    • (Optional) Destination port range: Enter the destination port range.

    • Source CIDR block: Enter a source CIDR block.

    • Destination CIDR block: Enter a destination CIDR block.

    • (Optional) Description: Enter a description for the rule.

    Repeat for each inbound rule that you want to add.

  6. Add outbound rules. Choose Outbound rules, Add outbound rule, and then specify the following information about the traffic mirror source outbound traffic:

    • Rule number: Enter a priority to assign to the rule.

    • Rule action: Choose the action to take for the packet.

    • Protocol: Choose the L4 protocol to assign to the rule.

    • (Optional) Source port range: Enter the source port range.

    • (Optional) Destination port range: Enter the destination port range.

    • Source CIDR block: Enter a source CIDR block.

    • Destination CIDR block: Enter a destination CIDR block.

    • (Optional) Description: Enter a description for the rule.

    Repeat for each outbound rule that you want to add.

  7. Delete an inbound rule.

    Choose Inbound rules, and then do the following:

    • Select the rule, and then choose Delete.

    • In the Delete confirmation dialog box, enter delete, and then choose Delete.

  8. Delete an outbound rule. Choose Outbound rules, and then do the following:

    • Select the rule, and then choose Delete.

    • In the Delete confirmation dialog box, enter delete, and then choose Delete.

  9. Modify a rule. Choose Inbound rules, or Outbound rules, and then do the following:

    • Select the rule, and choose Modify inbound rule or Modify outbound rule.

    • Make the required changes, and then choose Modify rule.

Modify Traffic Mirror Filter Tags

To modify your traffic mirror filter tags using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the Region selector, choose the AWS Region that you used when you created the traffic mirror filter.

  3. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  4. Select the traffic mirror filter.

  5. Choose Tags, Manage tags.

  6. [Add a tag] Choose Add tag and do the following:

    • For Key, enter the key name.

    • For Value, enter the key value.

    [Remove a tag] Next to the tag, choose Remove tag.

  7. Choose Save changes.

To modify the traffic mirror filter tags using the AWS CLI

Use the tag-resource command to add a tag. Use the untag-resource command to remove a tag.

Modify Traffic Mirror Filter Network Services

To modify your traffic mirror filter network services using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the Region selector, choose the AWS Region that you used when you created the traffic mirror filter.

  3. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  4. Select the traffic mirror filter.

  5. Choose Modify Network Services.

  6. [Mirror Amazon DNS traffic] Select amazon-dns.

  7. Choose Modify.

To modify the traffic mirror filter network services using the AWS CLI

Use the modify-traffic-mirror-filter-network-services command.

View Your Traffic Mirror Filters

To view your traffic mirror filters using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the Region selector, choose the AWS Region that you used when you created the traffic mirror filter.

  3. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  4. Select the traffic mirror filter.

To view your traffic mirror filters using the AWS CLI

Use the describe-traffic-mirror-filters command.

Delete a Traffic Mirror Filter

To delete a traffic mirror filter using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the Region selector, choose the AWS Region that you used when you created the traffic mirror filter.

  3. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  4. Select the traffic mirror filter, and then choose Delete.

  5. In the Delete confirmation dialog box, enter delete, and then choose Delete.

To delete a traffic mirror filter using the AWS CLI

Use the delete-traffic-mirror-filter command.