Posted On: Jan 23, 2023

Amazon Detective now adds visual summaries and analytics of the Amazon Virtual Private Cloud (VPC) flow logs generated by your Amazon Elastic Kubernetes Service (EKS) workloads. This new capability visualizes the network traffic of your EKS workloads so you can quickly answer questions like “what ports or network services were in use by my EKS workloads?”, “were there any large data transfers from my EKS workloads?”, and “what IP addresses were connected to my EKS workloads?” These details help security analysts investigate potential security issues, diagnose unexpected network behavior, and identify other AWS resources that might be affected.

Amazon Detective automatically collects VPC flow logs from your monitored AWS accounts. Before today, Detective let you interactively examine VPC flow log information only for your Amazon Elastic Compute Cloud (Amazon EC2) instances. Now Detective also lets you examine VPC flow log information for your EKS workloads, displays visual summaries of these network flows, and aggregates the information by EKS pod.

To take advantage of this new capability, enable EKS audit logs as a data source in your Detective behavior graph. For existing Detective accounts, the first 30 days after enabling EKS audit logs as a data source are available at no additional charge. For new accounts, EKS audit logs are automatically enabled as a data source and included in the 30-day free trial. During the trial period, you can see the estimated cost after the trial ends in the Detective Management Console. If you have already enabled EKS audit logs as a data source, you will see the network visualizations in the profile panel for your EKS pods.

VPC flow log visualization for EKS workloads is available in all AWS Regions where Detective is available, including the AWS GovCloud (US) Regions. To learn more, visit the Amazon Detective product page.