Does AWS VPC Flow Logs only display private IP addresses for srcaddr and dstaddr, or can it also include public IP addresses?

Question

What I'm trying to do is to use vpc flow log's srcaddr and dstaddr (or pkt-src-addr and pkt-dst-addr?), and traffic-path to analyze incoming and outgoing traffic based on a specific elastic ip address.

The private/public ip address of the elastic ip address will be obtained through the AWS SDK, and I planned to compare the srcaddr and dstaddr of the vpc flow log with the IP obtained through the AWS SDK to check whether the traffic is EIP traffic.

But I wasn't sure whether srcaddr and dstaddr displayed in vpc flow log only show private address.

Does AWS VPC Flow Logs capture and display public IP addresses in addition to private IP addresses for srcaddr and dstaddr fields?

Accepted Answer

Yes, VPC flow logs will show public IPs being either accepted or rejected based on the flow log settings:

![Enter image description here](/media/postImages/original/IMqdcy3zT5T4eiWneH5rPGuw)

Answer

Also take a look at this blog: https://aws.amazon.com/blogs/aws/learn-from-your-vpc-flow-logs-with-additional-meta-data/

As you can see from the examples in it, public IPs are shown in the flow logs as well.

Does AWS VPC Flow Logs only display private IP addresses for srcaddr and dstaddr, or can it also include public IP addresses?

関連するコンテンツ