
AWS VPC Traffic Mirroring - jeffbarr
https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring/
======
gauravphoenix
What's really interesting is that you can capture amazon-dns traffic. This is
gold for security purposes.

------
teilo
It's about time. Finally, IDS/Session monitoring that is external to the hosts
one is monitoring.

------
mlosapio
Awesome feature that will likely unlock a bunch of services or service
providers like Iceberg, Snort and Suricata to be able to capture and inspect
traffic inside the cloud.

~~~
milkshakes
the floodgates are open! my favorite, from the folks behind bro:
[https://www.corelight.com/company/newsroom/news/corelight-cl...](https://www.corelight.com/company/newsroom/news/corelight-cloud-sensor-for-aws/)
[https://www.corelight.com/products/corelight-sensors/#cloud](https://www.corelight.com/products/corelight-sensors/#cloud)

------
aidos
Oh interesting. Could you use this to test a system using live traffic before
a release?

~~~
jedberg
I'm pretty sure you could. You could mirror your live traffic to a test, but
that's generally a bad idea. You have to make sure no data gets out of your
test system either towards the client or towards the database. Gotta be real
careful when mirroring real traffic.

Of course, using it to capture raw requests and replaying them would be a
decent use case.

------
pg_bot
This looks really useful. I think you can now offer a full intrusion detection
service as a marketplace service on AWS with minimal configuration.

------
rawland
Slightly off-topic:

Amazon Polly breathing in drives me nuts.

~~~
jjeaff
I know, it hasn't improved since they launched it. I feel like an hour or two
tweaking it could make it sound fine. I can't believe someone listened to that
and said, ya, that sounds really good, let's launch it.

Maybe they were using Christopher Reeve as the voice model.

------
jcims
I wonder if this could be used for high availability between two ec2 instances
(vrrp/hsrp style)

~~~
not4u2know
VPCs would need to support multicast for VRRP to be an option.

~~~
skullborg
There are unicast options for VRRP

