Questions tagged with VPC Flow Logs

I am setting up an Amazon GuardDuty and I am interested in the VPC Traffic Flow Logs collected and sent to GuardDuty. Can I customize this Traffic? For example, in my Account there are 5 VPCs and I...

Hello All, Vpn tunnels are established and SG and ACLS are opened but traffic from our vm towards internet is not going through , i see traffic on my on prem firewall and response as well but return...

Hello! I've been working steadily on attempting to apply security features that further enhance the security of my infrastructure created using Terraform and AWS CloudFormation! In spite of my...

I manage multiple AWS accounts and need to enable access logging for S3 buckets, VPCs, and Load Balancers. How can I configure these logs for each account and centralize them in a single "Log"...

Hello everyone, How can I see details about data transfer between VPC (if possible, my EC2 instances) and the s3 endpoint? For example, with the VPC flow log, I can see the IP addresses and the...

Hi there, I run different services on the same EC2. Let's call them service A and service B. When a service talks to another service, private IP is used (ports might be different). So in the VPC flow...

Greetings guys, I have created IPsec site to site tunnel between my VPC and on-premise, first tunnel is UP the second is DOWN.I have two IP blocks on-premise I can reach/ping one block from EC2...

Hello Experts, I have a few Network Load Balancers in my environment which do not have any security groups attached. Additionally, the NACLs for the subnet allow all inbound and outbound traffic....

hi, i am looking to get an alert if vpc flow log has srcaddr range between 8.29.0.0 to 8.29.255.255 can anyone please help me how can I get pattern for it

Hi All, we have an use case like, we have allowed one cidr (10.0.0.0/8) in our NACL of NLB Subnet. so we are sending our VPC flow logs for NLB subnet ENI to cloudwatch and from there ,using...

Hi, We are seeing traffic in our NLB access logs that does not have TLS cipher information (and 0 bytes). This traffic also does not appear to be routed through to our target instances....

Use case and context: We are using Databricks, and we have a Databricks Workspace in a specific region, reading and writing files from/to the same region in S3. We also read from a Databricks Shared...