Traffic mirror filters - Amazon Virtual Private Cloud

Traffic mirror filters

Use a traffic mirror filter and its rules to determine the traffic that is mirrored. A traffic mirror filter contains one or more traffic mirror rules. You can also mirror certain network services.

You can define a set of parameters to apply to the traffic mirror source traffic to determine the traffic to mirror. The following traffic mirror filter rule parameters are available:

  • Traffic direction: Inbound or outbound

  • Action: The action to take, either to accept or reject the packet

  • Protocol: The L4 protocol

  • Source port range

  • Destination port range

  • Source CIDR block

  • Destination CIDR block

Rules are evaluated in order of rule number, from the lowest value to the highest value. The first rule that matches the traffic determines the action to take, so a lower-numbered reject rule takes precedence over a higher-numbered accept rule that would also match.
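The following added example (not part of the AWS documentation) models how a filter's rules decide whether a packet is mirrored, using the rule fields listed above: first match by ascending rule number wins, and a rule's two CIDR blocks must share an address family. It assumes that traffic matching no rule is not mirrored and that an omitted port range means any port; the subnet addresses and rule numbers are constructed.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    number: int              # rule priority; lower numbers are evaluated first
    direction: str           # "ingress" (inbound) or "egress" (outbound)
    action: str              # "accept" (mirror) or "reject" (do not mirror)
    protocol: Optional[int]  # L4 protocol number (6 = TCP, 17 = UDP); None = any
    src_cidr: str
    dst_cidr: str
    src_ports: tuple = (0, 65535)  # assumed: omitted range means any port
    dst_ports: tuple = (0, 65535)

    def __post_init__(self):
        # Source and destination CIDR blocks must both be IPv4 or both be IPv6.
        src = ipaddress.ip_network(self.src_cidr)
        dst = ipaddress.ip_network(self.dst_cidr)
        if src.version != dst.version:
            raise ValueError(f"rule {self.number}: mixed IPv4/IPv6 CIDR blocks")

    def matches(self, direction, proto, src, sport, dst, dport) -> bool:
        return (self.direction == direction
                and (self.protocol is None or self.protocol == proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src_cidr)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst_cidr)
                and self.src_ports[0] <= sport <= self.src_ports[1]
                and self.dst_ports[0] <= dport <= self.dst_ports[1])

def is_mirrored(rules, direction, proto, src, sport, dst, dport) -> bool:
    """First matching rule by ascending number decides; assumed: no match -> not mirrored."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(direction, proto, src, sport, dst, dport):
            return rule.action == "accept"
    return False

# Constructed filter: do not mirror SSH from the admin subnet, mirror all other inbound TCP.
FILTER = [
    Rule(200, "ingress", "accept", 6, "0.0.0.0/0", "10.0.0.0/16"),
    Rule(100, "ingress", "reject", 6, "10.0.1.0/24", "10.0.0.0/16", dst_ports=(22, 22)),
]
```

Because rule 100 is evaluated before rule 200, SSH from 10.0.1.0/24 is excluded even though rule 200 would also match it; SSH from any other source still falls through to rule 200 and is mirrored.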

Create a traffic mirror filter


Create a traffic mirror filter and add rules to the filter to define the traffic that is mirrored. A traffic mirror filter contains one or more traffic mirror rules, and a set of network services.

The Source CIDR block and Destination CIDR block values must both be either an IPv4 range or an IPv6 range.

To create a traffic mirror filter using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the Region selector, choose the AWS Region that you used when you created the VPCs.

  3. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  4. Choose Create traffic mirror filter.

  5. (Optional) For Name tag, enter a name for the traffic mirror filter.

  6. (Optional) For Description, enter a description for the traffic mirror filter.

  7. (Optional) Mirror network services.

    [Mirror Amazon DNS traffic] Select amazon-dns.

  8. (Optional) For each inbound rule, choose Inbound rules, Add rule, and then specify the following information:

    • Number: Enter a priority to assign to the rule.

    • Rule action: Choose the action to take for the packet.

    • Protocol: Choose the L4 protocol to assign to the rule.

    • (Optional) Source port range: Enter the source port range.

    • (Optional) Destination port range: Enter the destination port range.

    • Source CIDR block: Enter a source CIDR block.

    • Destination CIDR block: Enter a destination CIDR block.

    • Description: Enter a description for the rule.

  9. (Optional) Add outbound rules. Choose Outbound rules, Add rule, and then specify the following information about the traffic mirror source outbound traffic:

    • Number: Enter a priority to assign to the rule.

    • Rule action: Choose the action to take for the packet.

    • Protocol: Choose the L4 protocol to assign to the rule.

    • (Optional) Source port range: Enter the source port range.

    • (Optional) Destination port range: Enter the destination port range.

    • Source CIDR block: Enter a source CIDR block.

    • Destination CIDR block: Enter a destination CIDR block.

    • Description: Enter a description for the rule.

  10. (Optional) For each tag to add, choose Add new tag and enter the tag key and tag value.

  11. Choose Create.

To create a traffic mirror filter using the AWS CLI

Use the create-traffic-mirror-filter command.

View your traffic mirror filters

To view your traffic mirror filters using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  3. Select the ID of the traffic mirror filter to open its details page.

To view your traffic mirror filters using the AWS CLI

Use the describe-traffic-mirror-filters command.

Modify your traffic mirror filter rules

Add or remove inbound and outbound traffic mirror filter rules.

The Source CIDR block and Destination CIDR block values must both be either an IPv4 range or an IPv6 range.

To modify your traffic mirror filter using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  3. Select the ID of the traffic mirror filter to open its details page.

  4. To add inbound rules, choose Inbound rules, Add inbound rule. Specify the following information, and then choose Add rule:

    • Rule number: Enter a priority to assign to the rule.

    • (Optional) Description: Enter a description for the rule.

    • Rule action: Choose the action to take for the packet.

    • Protocol: Choose the L4 protocol to assign to the rule.

    • (Optional) Source port range: Enter the source port range.

    • (Optional) Destination port range: Enter the destination port range.

    • Source CIDR block: Enter a source CIDR block.

    • Destination CIDR block: Enter a destination CIDR block.

  5. To add outbound rules, choose Outbound rules, Add outbound rule. Specify the following information, and then choose Add rule:

    • Rule number: Enter a priority to assign to the rule.

    • (Optional) Description: Enter a description for the rule.

    • Rule action: Choose the action to take for the packet.

    • Protocol: Choose the L4 protocol to assign to the rule.

    • (Optional) Source port range: Enter the source port range.

    • (Optional) Destination port range: Enter the destination port range.

    • Source CIDR block: Enter a source CIDR block.

    • Destination CIDR block: Enter a destination CIDR block.

  6. To modify a rule, choose Inbound rules or Outbound rules. Select the rule and choose Modify inbound rule or Modify outbound rule. Update the rule as needed, and then choose Modify rule.

  7. To delete a rule, choose Inbound rules or Outbound rules. Select the rule and choose Delete. When prompted for confirmation, enter delete, and then choose Delete.

Modify traffic mirror filter tags

To modify your traffic mirror filters using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  3. Select the ID of the traffic mirror filter to open its details page.

  4. From the Tags tab, choose Manage tags.

  5. For each tag to add, choose Add new tag and enter the tag key and tag value.

  6. For each tag to remove, choose Remove.

  7. Choose Save.

To modify the traffic mirror filter tags using the AWS CLI

Use the create-tags command to add a tag. Use the delete-tags command to remove a tag.

Modify traffic mirror filter network services

To modify your traffic mirror filter network services using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  3. Select the traffic mirror filter.

  4. Choose Actions, Modify Network Services.

  5. [Mirror Amazon DNS traffic] Select amazon-dns.

  6. Choose Modify.

To modify the traffic mirror filter network services using the AWS CLI

Use the modify-traffic-mirror-filter-network-services command.

Delete a traffic mirror filter

To delete a traffic mirror filter using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. On the navigation pane, choose Traffic Mirroring, Mirror Filters.

  3. Select the traffic mirror filter, and then choose Actions, Delete.

  4. When prompted for confirmation, enter delete, and then choose Delete.

To delete a traffic mirror filter using the AWS CLI

Use the delete-traffic-mirror-filter command.