See this blog, which walks you through how to use VPC flow logs with additional meta-data:
https://aws.amazon.com/blogs/aws/learn-from-your-vpc-flow-logs-with-additional-meta-data/
When you create a new VPC Flow Log, in addition to existing fields, you can now choose to add the following meta-data:
- pkt-srcaddr: the packet-level IP address of the source. You typically use this field in conjunction with srcaddr to distinguish between the IP address of an intermediate layer through which traffic flows, such as a NAT gateway.
- pkt-dstaddr: the packet-level destination IP address, similar to the previous one, but for destination IP addresses.
You could also take a look at the CloudWatch metrics that the NAT gateway is sending to see if it is active.
The NAT GW will be in the public subnet of this VPC. Check the private subnet in that VPC, then check the routes and find out if the internet access (usually 0.0.0.0/0) is pointed to NAT-abc. If the route is present, then the instances in the private subnet are using this NAT to communicate outside.
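An added example (not from any of the answers above) of how the pkt-srcaddr and pkt-dstaddr fields can be used to list which private instances actually send traffic through a NAT gateway. It assumes a custom flow log format in the order shown in the comment, published on the NAT gateway's network interface; the ENI IDs, IP addresses and records are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Assumed custom flow log format (the field order is this example's choice):
# interface-id srcaddr dstaddr pkt-srcaddr pkt-dstaddr bytes
FIELDS = ("interface_id", "srcaddr", "dstaddr", "pkt_srcaddr", "pkt_dstaddr", "bytes")

# Constructed records: NAT gateway ENI eni-0aaaexample, private IP 10.0.0.220.
SAMPLE = """\
eni-0aaaexample 10.0.1.5 10.0.0.220 10.0.1.5 203.0.113.5 840
eni-0aaaexample 10.0.0.220 203.0.113.5 10.0.0.220 203.0.113.5 840
eni-0aaaexample 203.0.113.5 10.0.0.220 203.0.113.5 10.0.0.220 5200
eni-0aaaexample 10.0.0.220 10.0.1.5 203.0.113.5 10.0.1.5 5200
eni-0aaaexample 10.0.1.9 10.0.0.220 10.0.1.9 198.51.100.7 300
eni-0aaaexample - - - - -
eni-0bbbexample 10.0.1.5 10.0.2.8 10.0.1.5 10.0.2.8 100
"""

def parse(line):
    """Return a record dict, or None for malformed or no-data ('-') lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        for key in FIELDS[1:5]:
            ipaddress.ip_address(rec[key])  # rejects '-' and garbage
        rec["bytes"] = int(rec["bytes"])
    except ValueError:
        return None
    return rec

def nat_clients(lines, nat_eni, nat_ip):
    """Map each client IP to the bytes and destinations it sent via the NAT."""
    usage = defaultdict(lambda: {"bytes": 0, "destinations": set()})
    for rec in filter(None, map(parse, lines)):
        if rec["interface_id"] != nat_eni:
            continue
        # Client-to-NAT leg: dstaddr is the NAT itself (the intermediate
        # layer), while pkt-dstaddr still holds the real destination.
        if rec["dstaddr"] == nat_ip and rec["pkt_dstaddr"] != nat_ip:
            entry = usage[rec["pkt_srcaddr"]]
            entry["bytes"] += rec["bytes"]
            entry["destinations"].add(rec["pkt_dstaddr"])
    return dict(usage)

if __name__ == "__main__":
    for ip, info in nat_clients(SAMPLE.splitlines(), "eni-0aaaexample", "10.0.0.220").items():
        print(ip, info["bytes"], sorted(info["destinations"]))
```

An empty result over a representative time window suggests that no instance is routing through that NAT gateway.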