Posted On: Jun 25, 2019
Customers can now replicate the network traffic from an EC2 instance within their Amazon Virtual Private Cloud (Amazon VPC) and forward that traffic to security and monitoring appliances for use cases such as content inspection, threat monitoring, and troubleshooting. These appliances can be deployed on an individual Amazon EC2 instance or a fleet of instances behind a Network Load Balancer (NLB) with a User Datagram Protocol (UDP) listener. Amazon VPC traffic mirroring also supports traffic filtering and packet truncation, allowing customers to extract only traffic they are interested in monitoring.
To maintain the security of the network, customers need to know what is happening in the network and to their applications. Until now, customers had to install and manage third-party agents on Amazon EC2 instances to capture and mirror EC2 instance traffic. This approach is hard to scale and complex to manage. Amazon VPC traffic mirroring addresses these challenges by allowing customers to natively replicate their network traffic without having to install and run packet-forwarding agents on EC2 instances. The traffic mirroring feature captures packets at the Elastic Network Interface (ENI) level, where they cannot be tampered with from user space on the instance, which offers a better security posture. Customers can choose to analyze their network traffic with the wide range of monitoring solutions integrated with Amazon VPC traffic mirroring on AWS Marketplace.
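The pieces described above (a mirror target, a filter with rules, and a session with packet truncation) wired together through the boto3 EC2 client, as an added example rather than AWS code: it mirrors only HTTP/HTTPS to and from a web-server instance and truncates each packet with PacketLength. The boto3 method names are the real EC2 API calls; the ENI IDs are constructed placeholders and the helper function names are this example's own.

```python
"""Stand up a mirroring session: target -> filter -> rules -> session.

`ec2` is any object exposing the boto3 EC2 client methods used below;
the real client is built only in main(). IDs are constructed placeholders.
"""

SOURCE_ENI = "eni-0source0000000000"      # ENI of the instance to mirror
APPLIANCE_ENI = "eni-0appliance0000000"   # ENI of the monitoring appliance

def web_server_rules(cidr="0.0.0.0/0"):
    """Mirror only HTTP/HTTPS to and from a web server. Ingress matches
    requests by destination port, egress matches replies by source port.
    Traffic that no 'accept' rule matches is not mirrored; lower RuleNumber
    values are evaluated first."""
    rules = []
    for n, port in enumerate((80, 443), start=1):
        common = {"RuleAction": "accept", "Protocol": 6,  # 6 = TCP
                  "SourceCidrBlock": cidr, "DestinationCidrBlock": cidr}
        rules.append({"TrafficDirection": "ingress", "RuleNumber": 100 + n,
                      "DestinationPortRange": {"FromPort": port, "ToPort": port},
                      **common})
        rules.append({"TrafficDirection": "egress", "RuleNumber": 100 + n,
                      "SourcePortRange": {"FromPort": port, "ToPort": port},
                      **common})
    return rules

def create_mirror_session(ec2, source_eni, appliance_eni,
                          session_number=1, packet_length=128):
    """Create target, filter, rules and session; return their IDs.
    packet_length truncates each mirrored packet to that many bytes, so the
    appliance sees headers plus a little payload instead of full packets."""
    target = ec2.create_traffic_mirror_target(
        NetworkInterfaceId=appliance_eni, Description="IDS appliance")
    target_id = target["TrafficMirrorTarget"]["TrafficMirrorTargetId"]
    filt = ec2.create_traffic_mirror_filter(Description="web traffic only")
    filter_id = filt["TrafficMirrorFilter"]["TrafficMirrorFilterId"]
    for rule in web_server_rules():
        ec2.create_traffic_mirror_filter_rule(TrafficMirrorFilterId=filter_id, **rule)
    session = ec2.create_traffic_mirror_session(
        NetworkInterfaceId=source_eni, TrafficMirrorTargetId=target_id,
        TrafficMirrorFilterId=filter_id, SessionNumber=session_number,
        PacketLength=packet_length)
    return {"target": target_id, "filter": filter_id,
            "session": session["TrafficMirrorSession"]["TrafficMirrorSessionId"]}

if __name__ == "__main__":
    import boto3  # real path: needs AWS credentials and a Nitro-based source
    print(create_mirror_session(boto3.client("ec2"), SOURCE_ENI, APPLIANCE_ENI))
```

The appliance receiving the session must listen on UDP, which is why a fleet of appliances sits behind an NLB with a UDP listener.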
This feature is now available on all virtualized Nitro-based instances. Amazon VPC traffic mirroring is available in all public AWS Regions, with support in Asia Pacific (Sydney), China (Beijing), and China (Ningxia) AWS Regions coming soon. You can learn more about this feature by reading our documentation.