VPC Flow Logs/AWS Logging Services Flashcards
What type of traffic does vpc flow logs capture?
Only packet metadata.
What is the protocol number for ICMP?
1
What is the protocol number for TCP?
6
What is the protocol number for UDP?
17
Where do flow log data get stored?
Either Cloudwatch logs, S3 bucket, or Kinesis Firehose.
What are 9 types of traffic that are not logged by flow log?
AWS server traffic
AWS windows license activations
Instance metadata to 169.254.169.254
Time sync traffic to 169.254.169.123
DHCP traffic
Traffic from mirrored interfaces
VPC default gateway reserved IP address traffic
Traffic endpoint interfaces
Network load balancer
If you delete a flow log, is that data retained?
Yes
Where can flow logs be created?
Elastic load balancer
Amazon relational database (RDS)
Redshift
Workspaces
Nat gateways
Transit gateways
What are some use cases for flow logs?
Monitoring traffic sent/received from an EC2 instance
Analyzing traffic flows inside your VPC
Troubleshooting security group restrictions
*This list is not exclusive.
Is flow logs a real-time service?
No
When using flow logs, what are the two things AWS will charge you for?
1) Ingestion of data
2) Storage of the logs
What is Baseline service?
Data collected from monitoring metrics and logs are used to understand usage over time and to create a performance baseling.
What is Config service?
An AWS configuration tracking service. It records and stores a detailed record of how your services are configured. It is also considered a change management tool for tracking changes.
What is Application Insights service?
AWS managed service that can automatically perform discovery on resources and workloads that it supports. It helps identify issues and resolve problems with applications, databases, and workloads.
What is Inspector services?
AWS managed service that performs security/vulnerability analysis and assessments for EC2 and ECR container instances, applications, network accessibility, and how security is configured for the application instances.
