VPC Flow Logs – Log and View Network Traffic Flows - jeffbarr
https://aws.amazon.com/blogs/aws/vpc-flow-logs-log-and-view-network-traffic-flows/

======
cddotdotslash
This is an amazing service. At this point, combined with the CloudWatch to
Kinesis announcement earlier, AWS can pretty much act as a near-realtime IDS.
If every packet headed into the VPC can be collected, analyzed, and acted
upon, the opportunity is endless.

On a practical note, I enabled this on an account and have set up metric
filters. Being able to see charts and graphs of failed SSH attempts and
attacks by port is really cool.

~~~
wrayjustin
The issue at this point is the lack of full packet capture.

------
wrayjustin
I really wish they would give us a way to get full packet capture from the
entire VPC.

Simply add a span option, so that we can send all traffic to a specific network
interface (ENI). Or at the very least allow us to define custom routers
(versus the VPC routes), where we could then capture/span/analyze/etc. This
would provide us the means to analyze traffic from one VPC to another and
inbound/outbound traffic.

------
ranman
It's so hard to keep up with all the new features. This is so cool -- I'm
excited to see people use it. Now if only I had the traffic to play with it.

~~~
cddotdotslash
Even if you run a low-traffic or no-traffic instance you'll almost undoubtedly
have REJECT packets. I enabled it on a VPC I barely use and had 100 events in
a few minutes of rejected packets from port scanners and other attackers.
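The two cddotdotslash comments above (metric filters for failed SSH attempts and attacks by port, and the REJECT records that show up even on an idle VPC) can be reproduced offline from the raw log lines. The following is an added example, not code from Jeff Barr's post or from any commenter. It assumes the default version-2 flow log record format (version, account id, interface id, source/destination address and port, protocol, packets, bytes, window start/end, action, log status); the log lines themselves are constructed sample data.

```python
"""Aggregate REJECT records from VPC Flow Log lines by destination port and source."""
from collections import Counter

# Field order of the default VPC Flow Log (version 2) record format.
FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]

# Constructed sample records (not real traffic); addresses come from documentation ranges.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 41234 22 6 3 180 1434000000 1434000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 41235 22 6 3 180 1434000000 1434000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51000 3389 6 1 40 1434000000 1434000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51001 23 6 1 40 1434000000 1434000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.1.20 55000 443 6 20 5000 1434000000 1434000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1434000000 1434000060 - NODATA
"""


def parse_record(line):
    """Parse one space-separated flow log record into a dict, or None if unusable."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA / SKIPDATA windows carry dashes instead of flow fields; skip them.
    if rec["log_status"] != "OK":
        return None
    return rec


def rejects_by_port(log_text, protocol="6"):
    """Count REJECT records per destination port for one IP protocol (6 = TCP)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec["action"] == "REJECT" and rec["protocol"] == protocol:
            counts[int(rec["dstport"])] += 1
    return counts


def rejected_sources(log_text, dstport, protocol="6"):
    """Count REJECT records per source address for one destination port."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if (rec and rec["action"] == "REJECT" and rec["protocol"] == protocol
                and rec["dstport"] == str(dstport)):
            counts[rec["srcaddr"]] += 1
    return counts


if __name__ == "__main__":
    # Same view as a "rejects by port" chart, computed from the raw records.
    for port, n in rejects_by_port(SAMPLE_LOG).most_common():
        print(f"port {port}: {n} rejected flows")
    # Same view as a "failed SSH attempts" metric, broken down by source.
    for src, n in rejected_sources(SAMPLE_LOG, 22).most_common():
        print(f"ssh rejects from {src}: {n}")
```

Feeding the same records to a CloudWatch metric filter on `action="REJECT"` and `dstport="22"` gives the SSH chart cddotdotslash describes; the per-source breakdown here is what you would reach for when the chart spikes and you want to know whether it is one scanner or many.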

------
Programmatic
Great timing, troubleshooting an issue that this will come in handy for.
Thanks!

------
earless1
Thanks for the post, Jeff! This is huge for us; we finally get a whole view of
our networks in VPC.

~~~
jeffbarr
You are welcome!

------
kerals11
Add another one to the list of things my team didn't know about until a public
launch.

~~~
rqbanerjee
You're not supposed to know about it until the public launch :) That was
yesterday.

~~~
anderiv
If you ask, you can request from your AWS account rep to sign an NDA, after
which you can get insights into what features are upcoming.