AWS Cloud Operations & Migrations Blog

Category: Amazon VPC

How to enable VPC Flow Logs automatically using AWS Config rules

This post discusses an automated process for enabling Amazon Virtual Private Cloud (Amazon VPC) Flow Logs using AWS Config rule remediation. Customers use Amazon VPC Flow logs to capture information about the IP traffic going to and from network interfaces in an Amazon VPC. You can deploy this solution with the help of AWS Control […]

Using VPC endpoints for AWS X-Ray

Today, AWS X-Ray announces the general availability of VPC endpoint support, which makes it possible for you to establish a private connection between your VPC and AWS X-Ray. Applications running in your VPC can now communicate with AWS X-Ray to send trace data without going through the public internet. In this post, I will show […]

Automating shared VPC deployments with AWS CloudFormation

Automating shared VPC deployments with AWS CloudFormation

VPC sharing allows customers to share subnets from a central AWS account with other AWS accounts in the same organization created in AWS Organizations. Centralized control of your virtual private cloud (VPC) structure allows you to maintain separation of duties through AWS account boundaries. A best practice for creating VPCs and other resources in the AWS […]

Improve security by analyzing VPC flow logs with Amazon CloudWatch Contributor Insights

You can use rules in Amazon CloudWatch Contributor Insights to gain security visibility into your VPC flow logs. The rules analyze flow logs in targeted groups in Amazon CloudWatch Logs and display the Top-N contributors for a given log field or combination of log fields. In this post, I’ll show you how to set up CloudWatch Contributor Insight rules for VPC flow logs. I’ll demonstrate how to:

Map the VPC flow log format to rules in Contributor Insights.
Explain how a single rule can be used to monitor many VPC flow logs.
Walk through some sample rules and show them in a CloudWatch dashboard.

Customizing account configuration with AWS Control Tower lifecycle events

Customizing account configuration with AWS Control Tower lifecycle events

In this blog post, we show how to customize the networking configuration in an AWS account. For example by deleting the default VPCs in all AWS Regions, using AWS Resource Access Manager to share the appropriate VPC subnets and using AWS Firewall Manager to apply security groups to VPCs in the account.