How to scan outgoing VPC traffic to determine ports being called.


Customer wants to baseline their network by understanding what outgoing ports are being called by systems within their VPC.

I know that you can turn on VPC flow logs, but that captures a lot of other information. They could install an agent on EC2 and K8S but that is pretty time consuming.

Is there a simple way to get this information?

AWS MODERATOR, asked 5 years ago, 895 views
1 Answer

Accepted Answer

The choices boil down to:

  1. Native VPC flow logs; VPC flow logs can now go directly to S3 (link). The use case (e.g. how frequently, how fast, etc.) and preference will help determine the right query/visualization tool. CloudWatch Logs and Logs Insights are a good solution, but S3 also opens the door to Athena, QuickSight, etc.

  2. Agent-based logging via a roll-your-own or APN partner solution. Software on the individual EC2 instances reporting activity back to some sort of central reporting or data store.

  3. Set up an EC2 instance (or instances) as a router / security appliance for packet inspection. Configure other EC2s to route their requests through this software appliance.

If they're looking for a simple way to get this info, I think #1 is the best bet. For example, consider dumping VPC Flow Logs to S3 and querying with Athena: a serverless solution, no EC2 or K8s needed.

answered 5 years ago
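As an added example in the spirit of option #1 (not code from the answer above), the following Python reads default-format VPC Flow Log records and tallies the destination ports of flows that leave the VPC; the CIDR 10.0.0.0/16 and the log lines are constructed, and the aggregation is the same GROUP BY one would run in Athena over the S3 table.

```python
# Added example: aggregate outbound destination ports from VPC Flow Log records.
# Parses the default (version 2) field layout and keeps only flows whose source
# is inside the VPC CIDR and whose destination is outside it. Sample lines are constructed.
import ipaddress
from collections import Counter

# Default flow-log field order (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_record(line):
    """One flow-log line as a dict; None for malformed or NODATA/SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None  # address fields are '-' otherwise

def outbound_port_counts(lines, vpc_cidr, action="ACCEPT"):
    """Counter of (protocol, dstport) for flows leaving vpc_cidr with the given action.
    Reply flows (external src, ephemeral dstport) are dropped by the src-in/dst-out test.
    """
    net = ipaddress.ip_network(vpc_cidr)
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["action"] != action:
            continue
        src, dst = ipaddress.ip_address(rec["srcaddr"]), ipaddress.ip_address(rec["dstaddr"])
        if src in net and dst not in net:
            proto = int(rec["protocol"])
            counts[(PROTO_NAMES.get(proto, str(proto)), int(rec["dstport"]))] += 1
    return counts

# Constructed sample: two HTTPS flows out, one DNS out, one reply flow back in,
# one intra-VPC SSH flow, one rejected outbound SMTP attempt, one NODATA line.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.15 198.51.100.20 49152 443 6 12 3400 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.15 198.51.100.21 49153 443 6 9 2100 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.7 192.0.2.53 53211 53 17 1 80 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.20 10.0.1.15 443 49152 6 10 9000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.15 10.0.2.7 51000 22 6 30 5000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.3.9 203.0.113.5 40000 25 6 1 60 1600000000 1600000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1600000000 1600000060 - NODATA
"""
if __name__ == "__main__":
    for (proto, port), n in outbound_port_counts(SAMPLE_LOG.splitlines(), "10.0.0.0/16").most_common():
        print(f"{proto}/{port}: {n} flows")
```

Running with action="REJECT" instead surfaces outbound attempts that security groups or NACLs blocked, which is often the more interesting half of a baseline.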
