How do I monitor traffic in my VPC with flow logs?

Last updated: 2022-10-27

VPC flow logs help you understand and track traffic to and from your VPC, a subnet, or a network interface. This data is also stored in Amazon CloudWatch for analysis at a later time.

Review the flow log limitations and determine if they’ll work for your use case. If so, create an AWS Identity and Access Management (IAM) role for your flow log, and then create a flow log.

Note: Flow logs aren't updated in real time. It's a best practice to use flow logs for analysis and troubleshooting only.

You can use this AWS Automation document to create flow logs to CloudWatch Logs or Amazon Simple Storage Service (Amazon S3). Be sure to have the required input parameters. For more information, see Publish flow logs to CloudWatch Logs and Publish flow logs to Amazon S3.

Another option would be to deliver VPC flow logs to Amazon Kinesis Data Firehose. For more information, see Publish flow logs to Kinesis Data Firehose.