By using AWS re:Post, you agree to the Terms of Use

NAT Gateway Traffic Capture for a Specific IP.

0

We want to Export Data For NGW which would give us the EC2 IP which is sending traffic outside via NAT Gateway. Currently we are following one doc and its giving Src Address of Nat Gateway Private IP however we are looking for EC2 IPs which are sending data out. Please let us know how to get the same. We are Using Cloud Watch Insight/Query to export the data.

https://aws.amazon.com/premiumsupport/knowledge-center/vpc-find-traffic-sources-nat-gateway/

2 Answers
1

Here is a blog that describes this in detail: https://aws.amazon.com/blogs/aws/learn-from-your-vpc-flow-logs-with-additional-meta-data/


When you create a new VPC Flow Log, in addition to existing fields, you can now choose to add the following meta-data:

pkt-srcaddr : the packet-level IP address of the source. You typically use this field in conjunction with srcaddr to distinguish between the IP address of an intermediate layer through which traffic flows, such as a NAT gateway.

profile picture
answered 5 months ago
0

Try enabling enriched flow logs as there are additional fields that are included - of interest are the source IP address of the flow before it has passed through NAT Gateway.

profile picture
EXPERT
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions