Amazon VPC Flow Logs Now Support 1-minute Aggregation Intervals
You can now capture and aggregate your Amazon Virtual Private Cloud (Amazon VPC) flow logs at shorter intervals of up to 1 minute, giving you quicker visibility into your network traffic flows. With a 1-minute configuration, your VPC flow logs arrive in an expedited manner and provide more granular visibility into the sequence of events in a flow, thereby enabling you to accurately investigate and rapidly respond to security incidents, or troubleshoot connectivity issues faster.
To get started, you can choose a maximum aggregation interval (also known as capture window) of 1 minute while creating a new flow log using the AWS Management Console, the AWS Command Line Interface (AWS CLI) or the AWS Software Development Kit (AWS SDK). Your flow logs will then be aggregated at intervals of up to 1 minute, before they are processed and published. By default, the maximum aggregation interval is 10 minutes.
There is no additional charge for flow logs with a maximum aggregation interval of 1 minute. Standard rates apply based on your choice of log destination. Learn about the pricing to deliver Amazon VPC flow logs to S3 or CloudWatch Logs here. For more information about Amazon VPC flow logs, please refer to the documentation.