The choices boil down to:
- Native VPC flow logs; VPC flow logs can now go directly to S3 (link). The use case (e.g. how frequently, fast, etc.) and preference will help determine the right query/visualization tool. CloudWatch Logs and Log Insights is a good solution, but S3 also opens the door to Athena, QuickSight, etc.
- Agent-based logging via a roll-your-own or APN partner solution. Software on the individual EC2 instances reporting activity back to some sort of central reporting or data store.
- Set up an EC2 instance (or instances) as a router / security appliance for packet inspection. Configure other EC2s to route their requests through this software appliance.
If they're looking for a simple way to get this info, I think #1 is the best bet. For example, consider dumping VPC Flow Logs to S3 and querying with Athena... serverless solution, no EC2, K8, needed.
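As an added illustration of what option #1 gives you (this is example code written for this page, not part of the answer above or any AWS tooling), the script below parses VPC Flow Log records in the default version-2 format (the 14 space-separated fields that the S3 and CloudWatch destinations write) and summarises REJECTed traffic per source, flagging any source that was rejected on several distinct destination ports. The log lines are constructed for the example; the `min_distinct_ports` threshold is an arbitrary assumption, not an AWS default.

```python
"""Parse VPC Flow Log records (default v2 format) and summarise REJECTed traffic.

Added example, not from the original post. Assumes the default 14-field
version-2 record layout; the sample lines below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Field order of the default (version 2) VPC Flow Log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records: one external host probing 22/3389/445 and being
# rejected, one allowed outbound HTTPS flow, one other rejected SSH attempt,
# and a NODATA record (its traffic fields are '-' and must be skipped).
SAMPLE_LOG_LINES = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 41234 22 6 3 180 1700000000 1700000059 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 41235 3389 6 2 120 1700000000 1700000059 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 41236 445 6 1 60 1700000000 1700000059 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.20 198.51.100.7 49152 443 6 20 8000 1700000000 1700000059 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 192.0.2.9 10.0.1.20 51000 22 6 1 60 1700000000 1700000059 REJECT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000059 - NODATA",
]


@dataclass
class FlowRecord:
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    start: int
    end: int
    action: str
    log_status: str


def parse_record(line):
    """Parse one flow log line; return None for lines that carry no traffic data."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None  # malformed line or a custom (non-default) format
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # NODATA / SKIPDATA records have '-' in the numeric fields
    return FlowRecord(
        srcaddr=rec["srcaddr"], dstaddr=rec["dstaddr"],
        srcport=int(rec["srcport"]), dstport=int(rec["dstport"]),
        protocol=int(rec["protocol"]), packets=int(rec["packets"]),
        bytes=int(rec["bytes"]), start=int(rec["start"]), end=int(rec["end"]),
        action=rec["action"], log_status=rec["log_status"],
    )


def summarize_rejects(lines, min_distinct_ports=3):
    """Return (rejects_by_src, probable_scanners).

    rejects_by_src maps source IP -> number of REJECT records.
    probable_scanners lists sources rejected on at least min_distinct_ports
    distinct destination ports (a crude port-scan heuristic; the threshold is
    an assumption for this example).
    """
    rejects = defaultdict(int)
    ports_hit = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.action != "REJECT":
            continue
        rejects[rec.srcaddr] += 1
        ports_hit[rec.srcaddr].add(rec.dstport)
    scanners = sorted(src for src, ports in ports_hit.items()
                      if len(ports) >= min_distinct_ports)
    return dict(rejects), scanners


if __name__ == "__main__":
    by_src, scanners = summarize_rejects(SAMPLE_LOG_LINES)
    for src, count in sorted(by_src.items(), key=lambda kv: -kv[1]):
        print(f"{src:16} rejected {count} time(s)")
    print("probable scanners:", scanners)
```

The same aggregation is what you would express as a `GROUP BY srcaddr` over an Athena table built on the S3 prefix once the log format is mapped to columns; the point of the script is to show which fields matter (`action`, `log_status`, `srcaddr`, `dstport`) and that `NODATA`/`SKIPDATA` records have to be filtered before the numeric fields are touched.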