Posted On: Mar 17, 2023
Amazon CloudWatch Logs now supports ingesting enriched metadata introduced in Amazon Virtual Private Cloud (Amazon VPC) flow logs as part of versions 3 to 5 additional to the default fields. This launch includes metadata fields that provide more insights about the network interface, traffic type, and the path of egress traffic to the destination.
Enriched metadata fields in VPC flow logs reduces operational overhead associated with additional computations or analysis to extract meaningful information from log data. You can use VPC flow logs to monitor VPC traffic, understand network dependencies, troubleshoot network connectivity issues, and identify network threats.
To get started, create a new flow log subscription from the Amazon VPC console with your chosen set of metadata fields and destination as CloudWatch Logs. When configuring the flow log delivery, you can select from a list of available metadata fields from the log format dropdown, including new fields to identify location (region, availability zone ID, sublocation ID, and sublocation type) and existing fields such as Transmission Control Protocol (TCP).
We now support VPC flow logs versions 3 to 5 in all commercial regions and AWS GovCloud (US) Regions where Amazon CloudWatch Logs is available. For more information on regional availability, see the AWS Region table.
For more information, visit the Amazon CloudWatch Logs pricing page to learn about vended logs pricing. To learn more about Amazon CloudWatch Logs, visit our documentation.