The most efficient way to find the source and destination for IP flows is through VPC Flow Logs. These are stored in an S3 bucket and you can use tools like Athena to query them. Here is a full explanation on the setup [1]. I highly recommend setting up S3 Lifecycle policies so that the data from the VPC flow logs will be deleted automatically after some amount of time (7 days, 30 days, whatever you deem too long).
The Data Transfer Regional Bytes means that it's probably Cross AZ data transfer traffic. If you determine the traffic is coming from or going to AWS Services (there is an option in the VPC Flow Log setup to include which AWS Service is being addressed), then you may find that enabling VPC Endpoints [2] is a cost-effective method to avoid the data transfer costs and to let the VPC resources communicate directly with the AWS Service in question. Take note that there are some costs associated with VPC Endpoints.
[1] https://docs.aws.amazon.com/athena/latest/ug/vpc-flow-logs.html
[2] https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/what-are-vpc-endpoints.html
Thank you for your help, Shlomo. I will have to research and learn more about how to create an effective flow log to better understand where my data transfer utilization is coming from.
I had hoped to find some simple mapping between the claim of 850MB of utilization and some AWS resource like a load balancer or something that I could directly correlate to the usage warning, but it doesn't seem quite so clear.
I will research your suggestion. Thank you so much.