Categories: AWS

On a recent secure government project, our client had a number of challenging security and least privileged requirements.  One of which was to limit traffic to and from instances.

AWS have security groups which are ideal for network segmentation, as it allows restricting inbound and outbound traffic to like instances.

Although there is a wealth of documentation from various vendors on ports that are required to function, there were always some that slipped through the net.

Welcome VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs.

The setup is documented here https://aws.amazon.com/blogs/aws/vpc-flow-logs-log-and-view-network-traffic-flows/

From the AWS cli you can export these logs into a text file and import into excel to gain a greater visibility of the traffic patterns using the following command.

$ aws logs get-log-events –log-group-name xxxxx –log-stream-name xxxxxx > c:\Temp\flowlog.txt