VPC Flow Logs


Time
19 hours 19 minutes
Difficulty
Intermediate
CEU/CPE
20
Video Transcription
00:00
>> Hey everybody and welcome back.
00:00
In this lecture, we're going to talk
00:00
about VPC Flow Logs.
00:00
The learning objectives for this lecture are going to be
00:00
to run over the overview of VPC Flow Logs.
00:00
These are essentially just Cloud logs,
00:00
but they pertain to your network environment.
00:00
VPC Flow Logs, what is it?
00:00
Essentially it's capturing information about
00:00
IP traffic that's going to be spun up within your VPC.
00:00
This is important because it helps with
00:00
security and helps with diagnostics,
00:00
it helps with performance enhancement.
00:00
Just general, if you're
00:00
designing architectures in your Cloud,
00:00
this is going to help you because you can measure this.
00:00
This is information, this is going to provide
00:00
data about what's going on within your network.
00:00
From a security perspective,
00:00
which is what I can speak to most prevalently,
00:00
the VPC Flow Logs can be used for
00:00
diagnostics on anything suspicious.
00:00
You can use VPC Flow Logs and stick it into a SIEM or
00:00
some type of security network analysis solution.
00:00
You can analyze the packets
00:00
for anything that might seem suspicious,
00:00
like maybe crypto mining,
00:00
any type of port sniffing, anything like that.
00:00
Maybe you've got an EC2 instance that
00:00
was compromised and they're sniffing out
00:00
your VPC network for what
00:00
other services and goodies might be within your VPC.
00:00
Those are the types of things that you can
00:00
identify within VPC Flow Logs.
00:00
Now, if you're coming from
00:00
a traditional network security background,
00:00
think Wireshark, like this is the type of stuff that you
00:00
would be analyzing inside Wireshark on a local network.
00:00
You can do this inside the AWS Cloud.
00:00
This is going to capture IP traffic.
00:00
It's going to capture the subnet
00:00
and anything related to your elastic network interfaces.
00:00
You're going to be able to use this to
00:00
monitor and troubleshoot issues.
00:00
Your VPC Flow Logs are being stored in
00:00
an S3 bucket and you can view them in CloudWatch.
00:00
But like I said, you can also view these flow logs
00:00
in any type of network packet analysis solution.
00:00
You can set up this as
00:00
an ingestion point and
00:00
you can receive these logs as well.
00:00
This is an example of a log that we received here.
00:00
You have an account ID which has been blocked out.
00:00
You have an ENI ID,
00:00
you have a source IP,
00:00
destination IP ports,
00:00
destination port, you have the packets,
00:00
you have bytes, you have the start time.
00:00
All of that good stuff.
00:00
Very helpful information.
00:00
Make sure you're leveraging this,
00:00
especially if you're concerned
00:00
about any type of security.
00:00
This is something that's going to be very beneficial.
00:00
To summarize real quick,
00:00
we did an overview on
00:00
VPC Flow Logs and we discussed an example,
00:00
I showed you an example of a VPC Flow Log.
00:00
Hopefully, you found this helpful.
00:00
This is something that you may see
00:00
a question on or two in your exam.
00:00
Make sure that you get comfortable with the idea of
00:00
how and why we have
00:00
VPC Flow Logs and you should be good to go.
00:00
I'll see you in the next lecture.