How do I monitor traffic in my VPC with flow logs?
Last updated: 2022-01-07
VPC flow logs help you track and understand traffic to and from your VPC, a subnet, or a network interface. The captured data is stored in Amazon CloudWatch Logs for later analysis.
Review the flow log limitations, and determine if they’ll work for your use case. If so, create an IAM role for your flow log and then create a flow log.
Note: Flow logs are not updated in real time. It's a best practice to use flow logs for analysis and troubleshooting only.
You can use this AWS CloudFormation template to create flow logs. Be sure to select the appropriate Region and input parameters. You can delete the CloudFormation stack to turn off VPC flow logs. However, deleting the CloudFormation stack doesn't remove VPC flow log data already stored in CloudWatch Logs.
You can also deliver flow logs to Amazon Simple Storage Service (Amazon S3). Flow log data is published to an existing Amazon S3 bucket that you specify. For more information, see Publish flow logs to Amazon S3.