VPC flow logs are an important part of AWS to help troubleshoot connectivity and security issues and to make sure that security group access is in the right place.
The logs capture important information about the IP traffic to and from network interfaces, subnets and VPCs in the AWS infrastructure. They are used to monitor security by tracking traffic reaching and leaving the resources(instance, databases, etc) in the AWS infrastructure.
The logs provide network flow visibility in the dynamic cloud which helps in tightening security and understand network performance.
And of course, keep the SecOps team off your back.
The flow logs provide a number of avenues to tighten your security and make sure everything is connecting as needed.
The VPC flow logs help in identifying latencies, establish performance baselines and tweak apps as needed.
It provides granular information like traffic flow duration & latencies, bytes sent which in turn helps in identifying performance issues quickly. Having quantifiable data from the logs helps in providing a better user experience.
VPC flow logs are employed to monitor internal application services. The applications build on the microservices architecture heavily rely on internal traffic to communicate.
Note: Understanding VPC flow logs also provides an opportunity to save bandwidth costs like Mikuláš did. You can read more about it here.
Enabling them is the easy part but analyzing VPC flow logs is just another ball game. There are multiple ways of analyzing the VPC flow logs but most of them are expensive in terms of bandwidth and time needed to set them up. Below are certain ways to set up your dashboard.
AWS has provided these logs to improve network visibility and tackle security, performance, and cost.
P.s. – We recently opened the registrations to the closed beta for visualizing VPC flow logs in a virtual environment.