With Amazon Virtual Private Cloud (Amazon VPC), you can launch AWS resources in a logically isolated virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Capture information about IP traffic going into your interfaces:
• VPC Flow Logs
• Subnet Flow Logs
• Elastic Network Interface (ENI) Flow Logs
• Helps to monitor & troubleshoot connectivity issues
• Flow logs data can go to S3, CloudWatch Logs, and Kinesis Data Firehose
• Captures network information from AWS managed interfaces too: ELB,
RDS, ElastiCache, Redshift, WorkSpaces, NATGW, Transit Gateway…

VPC Flow Logs –Traffic not captured

• Traffic to Amazon DNS server (custom DNS server traffic is logged)
• Traffic for Amazon Windows license activation
• Traffic to and from 169.254.169.254 for EC2 instance metadata
• Traffic to and from 169.254.169.123 for Amazon Time Sync service
• DHCP traffic
• Mirrored traffic
• Traffic to the VPC router reserved IP address (e.g., 10.0.0.1)
• Traffic between VPC Endpoint ENI and Network Load Balancer ENI

We can use query with Athena ( top 10 ip adress)

We enable VPC Flow and we sent logs to S3 and CloudWatch

We created VPC

aggreation interval 10 minutes because 1 minute means to many logs and it can be expensive and if we want to sent logs to CloudWatch, we need IAM role

Right now we sent logs to S3.