Inbound traffic to NAT Gateway from AWS

0

I'm struggling to identify the origin of some requests to my NAT Gateway. Followed the instructions from past posts to get the CloudWatch logs, understood the issue was inbound requests, and the following query shows me a sample of what's causing it:

filter (srcAddr like /18.161.*/ or srcAddr like /3.163.*/ ) and dstAddr like '<nat-gateway-ip>' | limit 10

Those IPs belong to CLOUDFRONT and AMAZON services, as described in the query. The AMAZON requests (srcAddr like /3.163.*/) have a pkt-src I can't find on my network (will keep trying to find it). The CLOUDFRONT one is the most mysterious. The pkt-src address is the src-addr IP itself, which belongs to AWS, the destination is the NAT gateway, the ENI is from the NAT gateway, and it ends there - I have no clue what the origin and intended destination on the network are.

Has anyone faced something similar before?

Bianca
Asked a year ago, 578 views
1 answer
1

Have you tried VPC Flow-logs with additional metadata? See this repost question

AWS
Expert
Answered a year ago
  • Yes, the thing is that the pkt-srcaddr is exactly the same as the srcaddr. I do know we have way more ECS tasks spinning up due to the use of a tool called Dagster to run our syncs so I'm starting to consider that the issue is the downloads from ECR. Another thought I had was traffic between AZs as I only have one NAT in us-west-2a and containers spread across us-west-2a and us-west-2b.
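One way to make the pkt-srcaddr/pkt-dstaddr metadata answer the question, as an added example that is not part of the original thread: at a NAT gateway ENI a single outbound connection produces four flow-log legs (host to NAT, NAT to Internet, Internet to NAT, NAT to host). The inbound leg from the AWS IP is the one the question shows, and on that leg pkt-srcaddr equals srcaddr by design; the leg that reveals the private origin is the NAT-to-host egress leg, where srcaddr is the NAT gateway but pkt-srcaddr still carries the external peer. The script below parses a custom-format flow log, attributes bytes from CloudFront/Amazon ranges to the private host that received them, and lists inbound flows that have no matching inside leg (unsolicited traffic, which a NAT gateway rejects). The field order, ENI id, NAT private IP, VPC CIDR, service prefixes and log lines are all constructed for the example; the four-leg layout is assumed to match the documented NAT gateway flow-log behaviour. In practice the service prefixes would be loaded from AWS's published ip-ranges.json rather than hard-coded.

```python
"""Attribute inbound AWS-service traffic seen at a NAT gateway ENI to the
private host that originated the connection, using VPC Flow Log records
with the pkt-srcaddr / pkt-dstaddr / flow-direction fields.

Added example; all identifiers and log lines below are constructed."""
import ipaddress
from collections import defaultdict

# Space-separated custom flow-log format assumed for the sample records.
FIELDS = ["version", "interface-id", "srcaddr", "dstaddr", "srcport", "dstport",
          "protocol", "packets", "bytes", "action", "flow-direction",
          "pkt-srcaddr", "pkt-dstaddr"]

NAT_ENI = "eni-0nat00000000000"                  # placeholder NAT gateway ENI
NAT_PRIVATE_IP = "10.0.0.220"                    # placeholder NAT private IP
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # placeholder VPC range

# Constructed stand-ins for AWS service ranges (load ip-ranges.json for real use).
SERVICE_PREFIXES = {
    "CLOUDFRONT": [ipaddress.ip_network("18.161.0.0/16")],
    "AMAZON": [ipaddress.ip_network("3.163.0.0/16")],
}

# Constructed sample: two outbound HTTPS connections (four legs each) plus one
# unsolicited inbound SSH attempt that has no inside leg.
SAMPLE_LOG = """\
5 eni-0nat00000000000 10.0.1.5 10.0.0.220 51234 443 6 10 8000 ACCEPT ingress 10.0.1.5 18.161.10.20
5 eni-0nat00000000000 10.0.0.220 18.161.10.20 10245 443 6 10 8000 ACCEPT egress 10.0.0.220 18.161.10.20
5 eni-0nat00000000000 18.161.10.20 10.0.0.220 443 10245 6 20 500000 ACCEPT ingress 18.161.10.20 10.0.0.220
5 eni-0nat00000000000 10.0.0.220 10.0.1.5 443 51234 6 20 500000 ACCEPT egress 18.161.10.20 10.0.1.5
5 eni-0nat00000000000 10.0.2.7 10.0.0.220 40001 443 6 5 3000 ACCEPT ingress 10.0.2.7 3.163.5.5
5 eni-0nat00000000000 10.0.0.220 3.163.5.5 10246 443 6 5 3000 ACCEPT egress 10.0.0.220 3.163.5.5
5 eni-0nat00000000000 3.163.5.5 10.0.0.220 443 10246 6 8 120000 ACCEPT ingress 3.163.5.5 10.0.0.220
5 eni-0nat00000000000 10.0.0.220 10.0.2.7 443 40001 6 8 120000 ACCEPT egress 3.163.5.5 10.0.2.7
5 eni-0nat00000000000 198.51.100.9 10.0.0.220 53812 22 6 3 180 REJECT ingress 198.51.100.9 10.0.0.220
"""


def parse_records(text):
    """Turn raw log lines into dicts keyed by FIELDS; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        for key in ("srcport", "dstport", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def classify_service(ip):
    """Name the AWS service range an address falls in, or OTHER."""
    addr = ipaddress.ip_address(ip)
    for name, nets in SERVICE_PREFIXES.items():
        if any(addr in net for net in nets):
            return name
    return "OTHER"


def attribute_inbound(records, nat_eni=NAT_ENI, nat_ip=NAT_PRIVATE_IP):
    """Return ({service: {private_host: bytes}}, [unattributed inbound flows]).

    The NAT-to-host egress leg is the only one that pairs the external peer
    (pkt-srcaddr) with the private destination (dstaddr), so attribution is
    read from there; external inbound legs with no such pair are reported."""
    by_service = defaultdict(lambda: defaultdict(int))
    seen_external = set()
    for r in records:
        if r["interface-id"] != nat_eni or r["flow-direction"] != "egress":
            continue
        if r["srcaddr"] == nat_ip and r["pkt-srcaddr"] != nat_ip:
            external = r["pkt-srcaddr"]
            by_service[classify_service(external)][r["dstaddr"]] += r["bytes"]
            seen_external.add((external, r["srcport"]))
    unattributed = []
    for r in records:
        if r["interface-id"] != nat_eni or r["flow-direction"] != "ingress":
            continue
        if r["dstaddr"] != nat_ip or ipaddress.ip_address(r["srcaddr"]) in VPC_CIDR:
            continue  # inside leg (host to NAT) or not aimed at the NAT itself
        if (r["srcaddr"], r["srcport"]) not in seen_external:
            unattributed.append((r["srcaddr"], r["dstport"], r["action"]))
    return {svc: dict(hosts) for svc, hosts in by_service.items()}, unattributed


if __name__ == "__main__":
    per_service, leftovers = attribute_inbound(parse_records(SAMPLE_LOG))
    for svc, hosts in per_service.items():
        for host, nbytes in hosts.items():
            print(f"{svc:10s} -> {host:15s} {nbytes} bytes")
    for src, port, action in leftovers:
        print(f"unsolicited inbound from {src} to port {port}: {action}")
```

Once the private host is known, its ECS task (or other workload) can be matched from the task's ENI, which settles the ECR-download hypothesis directly; cross-AZ cost questions need a different check, since every leg here is logged against the NAT gateway's own ENI regardless of the host's AZ.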
