VPC Traffic Mirroring – Logging and Monitoring – SCS-C02 Study Guide

VPC Traffic Mirroring

VPC Traffic Mirroring, as the name implies, allows you to duplicate network traffic from ENIs attached to instances so that the duplicated traffic can then be sent to third-party tools and services for traffic analysis and inspection.

When configured, the duplicated traffic is sent to a target. This could be a Network Load Balancer with a UDP listener that sits in front of a fleet of appliances dedicated to network analysis. Alternatively, you could use another EC2 instance as the target by specifying that instance's ENI. These targets could also be in a different VPC for additional management if required.
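Whatever the target is, an NLB-fronted appliance fleet or a single instance ENI, the analysis tool behind it receives each mirrored packet VXLAN-encapsulated on UDP port 4789, with the session's virtual network identifier (VNI) in the VXLAN header. The following is an added example, not code from the study guide or from AWS: it builds a constructed mirrored packet (placeholder MACs, RFC 5737/1918 addresses, zero checksums) and then does what a receiving tool must do first, strip the VXLAN header, check the I flag, map the VNI back to a mirror session, and read the inner IPv4/TCP flow. The VNI-to-session table is a placeholder; in practice it is populated from each session's virtual-network-id.

```python
import socket
import struct

# AWS Traffic Mirroring delivers each mirrored packet VXLAN-encapsulated (RFC 7348)
# to UDP port 4789 on the target ENI or NLB; the VNI carries the session's
# virtual-network-id so one target can tell several sessions apart.
VXLAN_UDP_PORT = 4789
VXLAN_FLAG_VNI_VALID = 0x08   # the "I" flag: set when the VNI field is valid
ETHERTYPE_IPV4 = 0x0800

# Constructed VNI -> session lookup. Real values come from each mirror session's
# virtual-network-id; these numbers and names are placeholders.
SESSION_BY_VNI = {1234: "tms-web-tier-PLACEHOLDER", 4321: "tms-db-tier-PLACEHOLDER"}


def build_mirrored_packet(vni, src_ip, dst_ip, sport, dport, tcp_flags=0x02):
    """Construct a VXLAN-encapsulated TCP/IPv4 frame shaped like what a mirror
    target receives (sample data only; IP and TCP checksums are left at zero)."""
    vxlan = struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)  # flags, reserved, VNI<<8
    eth = (bytes.fromhex("0a0000000001") + bytes.fromhex("0a0000000002")
           + struct.pack("!H", ETHERTYPE_IPV4))                   # dst MAC, src MAC, type
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4,
                      tcp_flags, 65535, 0, 0)                     # 20-byte TCP header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64,
                     6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return vxlan + eth + ip + tcp


def decapsulate(udp_payload):
    """Strip the VXLAN header from one mirrored UDP payload and return the
    inner flow as a dict; raise ValueError on malformed input."""
    if len(udp_payload) < 8:
        raise ValueError("too short for a VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    vni = vni_field >> 8                          # upper 24 bits hold the VNI
    frame = udp_payload[8:]
    if len(frame) < 14:
        raise ValueError("truncated inner Ethernet frame")
    info = {"vni": vni, "session": SESSION_BY_VNI.get(vni, "unknown-session"),
            "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if info["ethertype"] != ETHERTYPE_IPV4:
        return info                               # non-IPv4 payload: report VNI only
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated inner IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4                    # header length in bytes (options included)
    info.update(src=socket.inet_ntoa(src), dst=socket.inet_ntoa(dst), proto=proto, ttl=ttl)
    l4 = ip[ihl:total_len]
    if proto in (6, 17) and len(l4) >= 4:         # TCP or UDP: ports are the first 4 bytes
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    if proto == 6 and len(l4) >= 14:
        info["tcp_flags"] = l4[13]                # e.g. 0x02 = SYN
    return info


if __name__ == "__main__":
    sample = build_mirrored_packet(1234, "10.0.1.20", "10.0.2.30", 40000, 443)
    print(decapsulate(sample))
```

Two operational points follow from this: the target's security group has to allow inbound UDP 4789 from the mirror sources, or nothing arrives, and the mirror filter attached to the session decides which flows are copied, so the tool only ever sees what the filter permits.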

With a grasp of VPC Traffic Mirroring, you can move on to the logs you can obtain from the ELB service.

Elastic Load Balancer Access Logs

The ELB service allows you to turn on optional logging, which captures and monitors the requests flowing through your load balancers. These logs can also help you analyze traffic patterns and troubleshoot issues with the targets to which the load balancers are sending requests.

The access logs, once enabled, are delivered as compressed files to an S3 bucket that you specify during setup. You need to decompress the files before reading the raw log data.

AWS ELB log files can be used for several purposes, including the following:

  • Troubleshooting: The ELB log files contain detailed information about the requests that were served by the load balancer, including the source address, the request URL, the HTTP status code, and the response time. This information can be used to troubleshoot issues with your application, such as slow response times, errors, or connectivity problems.
  • Performance analysis: ELB log files provide insight into the performance of your application when you or another team member analyzes the response time and latency of requests served by the load balancer. This can help you identify areas of your application that may require optimization, such as slow database queries or inefficient code.
  • Security analysis: ELB log files can be used to analyze traffic patterns and detect potential security threats, such as distributed denial of service (DDoS) attacks, bot traffic, or suspicious behavior.
  • Compliance and auditing: ELB log files can be used to comply with regulatory requirements and auditing standards by providing detailed information about the traffic served by the load balancer.
  • Capacity planning: ELB log files can be used to analyze traffic patterns and forecast future capacity requirements for your application, allowing you to plan for future growth and scale your infrastructure accordingly.
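The troubleshooting and security-analysis uses above all start the same way: decompress the delivered object, split each entry into its fields, and aggregate by client, URL and status code. The following is an added example, not code from the study guide or from AWS: it embeds a handful of constructed Application Load Balancer access log entries (TEST-NET client addresses, placeholder ARNs and trace IDs) in the documented ALB field order, gzips them in memory to mimic the object delivered to S3, parses them, and then reports server errors, slow target responses, and clients whose requests are mostly 4xx responses to paths that look like probing. The field names and thresholds are this example's own choices; the aggregation logic applies unchanged to real downloaded log files.

```python
import gzip
import shlex
from collections import Counter, defaultdict

# Field order of an Application Load Balancer access log entry (space-separated,
# double-quoted where a value may contain spaces). The first 25 fields are named;
# the trailing target/classification list fields are kept under "extra".
ALB_FIELDS = [
    "type", "time", "elb", "client_port", "target_port", "request_processing_time",
    "target_processing_time", "response_processing_time", "elb_status_code",
    "target_status_code", "received_bytes", "sent_bytes", "request", "user_agent",
    "ssl_cipher", "ssl_protocol", "target_group_arn", "trace_id", "domain_name",
    "chosen_cert_arn", "matched_rule_priority", "request_creation_time",
    "actions_executed", "redirect_url", "error_reason",
]

# Constructed sample entries (not real traffic): one healthy client, one request
# whose target never answered (504, target time -1), and one client probing for
# well-known admin paths from a scripted user agent.
SAMPLE_LINES = [
    'https 2024-05-01T10:00:00.100000Z app/prod-alb/0123456789abcdef 192.0.2.10:51234 10.0.1.20:8080 0.001 0.012 0.000 200 200 180 2048 "GET https://app.example.com:443/ HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64)" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/prod-tg/PLACEHOLDER "Root=1-6631f9c0-00000001" "app.example.com" "arn:aws:acm:us-east-1:111111111111:certificate/PLACEHOLDER" 0 2024-05-01T10:00:00.090000Z "forward" "-" "-" "10.0.1.20:8080" "200" "-" "-"',
    'https 2024-05-01T10:00:01.200000Z app/prod-alb/0123456789abcdef 192.0.2.10:51234 10.0.1.20:8080 0.001 2.431 0.000 200 200 190 51200 "GET https://app.example.com:443/api/report HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64)" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/prod-tg/PLACEHOLDER "Root=1-6631f9c1-00000002" "app.example.com" "arn:aws:acm:us-east-1:111111111111:certificate/PLACEHOLDER" 0 2024-05-01T10:00:01.190000Z "forward" "-" "-" "10.0.1.20:8080" "200" "-" "-"',
    'https 2024-05-01T10:00:02.300000Z app/prod-alb/0123456789abcdef 198.51.100.5:40011 10.0.1.20:8080 0.001 -1 -1 504 - 150 0 "GET https://app.example.com:443/api/report HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64)" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/prod-tg/PLACEHOLDER "Root=1-6631f9c2-00000003" "app.example.com" "arn:aws:acm:us-east-1:111111111111:certificate/PLACEHOLDER" 0 2024-05-01T10:00:02.290000Z "forward" "-" "-" "10.0.1.20:8080" "-" "-" "-"',
    'https 2024-05-01T10:00:03.000000Z app/prod-alb/0123456789abcdef 203.0.113.7:33001 10.0.1.20:8080 0.000 0.002 0.000 404 404 120 512 "GET https://app.example.com:443/wp-login.php HTTP/1.1" "python-requests/2.31.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/prod-tg/PLACEHOLDER "Root=1-6631f9c3-00000004" "app.example.com" "arn:aws:acm:us-east-1:111111111111:certificate/PLACEHOLDER" 0 2024-05-01T10:00:02.990000Z "forward" "-" "-" "10.0.1.20:8080" "404" "-" "-"',
    'https 2024-05-01T10:00:03.050000Z app/prod-alb/0123456789abcdef 203.0.113.7:33002 10.0.1.20:8080 0.000 0.002 0.000 404 404 110 512 "GET https://app.example.com:443/.env HTTP/1.1" "python-requests/2.31.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/prod-tg/PLACEHOLDER "Root=1-6631f9c3-00000005" "app.example.com" "arn:aws:acm:us-east-1:111111111111:certificate/PLACEHOLDER" 0 2024-05-01T10:00:03.040000Z "forward" "-" "-" "10.0.1.20:8080" "404" "-" "-"',
    'https 2024-05-01T10:00:03.100000Z app/prod-alb/0123456789abcdef 203.0.113.7:33003 10.0.1.20:8080 0.000 0.002 0.000 404 404 125 512 "GET https://app.example.com:443/phpmyadmin/ HTTP/1.1" "python-requests/2.31.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/prod-tg/PLACEHOLDER "Root=1-6631f9c3-00000006" "app.example.com" "arn:aws:acm:us-east-1:111111111111:certificate/PLACEHOLDER" 0 2024-05-01T10:00:03.090000Z "forward" "-" "-" "10.0.1.20:8080" "404" "-" "-"',
    'https 2024-05-01T10:00:03.150000Z app/prod-alb/0123456789abcdef 203.0.113.7:33004 10.0.1.20:8080 0.000 0.002 0.000 404 404 118 512 "GET https://app.example.com:443/admin/ HTTP/1.1" "python-requests/2.31.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/prod-tg/PLACEHOLDER "Root=1-6631f9c3-00000007" "app.example.com" "arn:aws:acm:us-east-1:111111111111:certificate/PLACEHOLDER" 0 2024-05-01T10:00:03.140000Z "forward" "-" "-" "10.0.1.20:8080" "404" "-" "-"',
]

# Gzipped in memory to stand in for the compressed object ELB delivers to S3.
GZIPPED_SAMPLE = gzip.compress("\n".join(SAMPLE_LINES).encode("utf-8"))


def parse_alb_entry(line):
    """Split one ALB access log entry into a dict, respecting quoted fields."""
    tokens = shlex.split(line)
    rec = dict(zip(ALB_FIELDS, tokens))
    rec["extra"] = tokens[len(ALB_FIELDS):]
    rec["client_ip"] = rec["client_port"].rsplit(":", 1)[0]      # assumes an IPv4 client
    rec["elb_status_code"] = int(rec["elb_status_code"])
    tpt = float(rec["target_processing_time"])
    rec["target_processing_time"] = None if tpt < 0 else tpt    # -1 means no target response
    rec["method"], rec["url"], _ = rec["request"].split(" ", 2)
    return rec


def read_gzipped_log(gz_bytes):
    """Decompress a delivered log object and parse every non-empty entry."""
    text = gzip.decompress(gz_bytes).decode("utf-8")
    return [parse_alb_entry(line) for line in text.splitlines() if line.strip()]


def summarize(records, slow_seconds=1.0, scan_min_requests=3, scan_4xx_ratio=0.75):
    """Aggregate parsed entries into the views a troubleshooter or analyst wants."""
    status_counts = Counter(r["elb_status_code"] for r in records)
    per_client = defaultdict(lambda: [0, 0])          # client_ip -> [requests, 4xx responses]
    server_errors, slow_requests = [], []
    for r in records:
        counts = per_client[r["client_ip"]]
        counts[0] += 1
        if 400 <= r["elb_status_code"] < 500:
            counts[1] += 1
        if r["elb_status_code"] >= 500:
            server_errors.append((r["client_ip"], r["url"], r["elb_status_code"]))
        tpt = r["target_processing_time"]
        if tpt is not None and tpt >= slow_seconds:
            slow_requests.append((r["url"], tpt))
    # A client with enough requests and a high 4xx ratio is a candidate for review.
    probable_scanners = sorted(ip for ip, (n, e) in per_client.items()
                               if n >= scan_min_requests and e / n >= scan_4xx_ratio)
    return {"status_counts": status_counts, "server_errors": server_errors,
            "slow_requests": slow_requests, "probable_scanners": probable_scanners}


if __name__ == "__main__":
    for key, value in summarize(read_gzipped_log(GZIPPED_SAMPLE)).items():
        print(key, value)
```

Note that `target_status_code` is `-` and `target_processing_time` is `-1` on the 504 entry: the load balancer answered, but the target never did, which is the signature that separates a target problem from an application error. The 4xx-ratio rule is deliberately simple; on real traffic you would tune the thresholds per application and combine them with the user-agent and request-rate fields before treating a client as hostile.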

The following section presents an example log file and teaches you how to read and understand its contents.