Skip to main content

VPC Flow Logs

VPC Flow Logs from all accounts centralized in the audit account for network visibility.

Problems this Architecture solves

Provides a shared network audit trail instead of leaving traffic visibility fragmented by account.
Makes suspicious east-west and north-south traffic easier to investigate during incidents.
Supports troubleshooting, compliance, and traffic analysis without depending on per-team log storage decisions.

What's Captured

Source/Destination: IP addresses and ports
Protocol: TCP, UDP, ICMP
Action: ACCEPT or REJECT
Bytes/Packets: Traffic volume
Flow Direction: Ingress or egress
VPC Endpoint: Traffic through VPC endpoints

Use Cases

Security Analysis: Identify unauthorized access attempts
Network Troubleshooting: Debug connectivity issues
Cost Optimization: Identify high-traffic endpoints
Compliance: Network activity audit trail
Threat Detection: Unusual traffic patterns

Analysis Tools

Athena: SQL queries for ad-hoc analysis
CloudWatch Insights: Real-time log analysis
VPC Flow Logs Insights: Built-in analysis tool
Third-party SIEM: Export to Splunk, Datadog, etc.

Problems this Architecture solves
What's Captured
Use Cases
Analysis Tools