1 Answer

0 votes
What is a VPC FlowLog?

VPC FlowLog is a feature of AWS that captures information about the IP traffic going to or from the network interfaces in a VPC.

Amazon FlowLog data can be stored either by using Amazon CloudWatch Logs or an Amazon S3 bucket.

After you have created a FlowLog, you can view and retrieve the data from the Amazon CloudWatch Logs.

In short, we can say that VPC FlowLog is a way of storing the traffic going in a VPC.

FlowLogs serve a number of purposes:

Troubleshooting the problem "why is specific traffic not reaching an instance?".

VPC FlowLog can also be used as a security tool to monitor the traffic that is reaching your instance.

Limitations of VPC FlowLog:

You cannot enable the flowlog for VPCs that are peered with your VPC unless they are peered with a VPC in the same account.

You cannot tag a flowlog while creating it.

Once you have created the flowlog, you cannot change its configuration. For example, if you associate an IAM role with the flowlog, you cannot change the IAM role afterwards. In such cases, you need to delete the flowlog and create a new flowlog with the desired configuration.

VPC FlowLog Levels

VPC FlowLogs can be created at three levels:

VPC

Subnet

Network interface

How to create a VPC FlowLog

Sign in to the AWS Management Console.

Move to the VPC service. We can see from the screen below that a VPC with the name javatpointvpc has already been created.
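As an added example that is not part of the original answer: a small parser for flow log records in the default (version 2) record format that summarises REJECTed flows per destination port and source address, which is the check behind "why is specific traffic not reaching an instance?". The sample records are constructed for the example, not captured from a real VPC.

```python
"""Summarise REJECTed flows in AWS VPC Flow Log records (default
version-2 format): the check a defender runs when asking why
specific traffic is not reaching an instance."""
from collections import Counter, defaultdict

# Field order of the default (version 2) flow log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample records (not real traffic): two rejected SSH attempts,
# one rejected HTTPS probe, one accepted HTTPS flow and a NODATA line.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 43210 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 43211 22 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51000 443 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.0.1.5 52000 443 6 10 8000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_records(text):
    """Return a list of dicts, one per record that carries traffic data.
    NODATA/SKIPDATA lines ('-' in the address fields) are dropped, as are
    lines that do not have the 14 fields of the default format."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        rec["dstport"] = int(rec["dstport"])
        rec["protocol"] = int(rec["protocol"])
        records.append(rec)
    return records

def rejected_by_port(text):
    """Return {dstport: {srcaddr: count}} for REJECT records only, so a
    port that is consistently rejected from a given source stands out
    (a security group / NACL gap, or a probe that was correctly blocked)."""
    summary = defaultdict(Counter)
    for rec in parse_records(text):
        if rec["action"] == "REJECT":
            summary[rec["dstport"]][rec["srcaddr"]] += 1
    return {port: dict(c) for port, c in summary.items()}
```

Run `rejected_by_port(SAMPLE_LOG)` to see the per-port breakdown; replace SAMPLE_LOG with the text of a file pulled from the S3 bucket or CloudWatch Logs export to run it on real records.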
