Network Monitoring in AWS Virtual Private Cloud Environments

Using cloud-based servers has a lot of advantages, but until very recently it has had one disadvantage: reduced network monitoring capability. When you operate your own switches and routers in a data center, you have mirror ports and NetFlow data to use for security and performance analysis. When you operate cloud-based servers, those tools aren't available.

Fortunately, AWS customers have a new option: VPC Flow Logs. If you use a Virtual Private Cloud in AWS you can now enable logging of the network traffic to, from, and inside your private network. The records are stored in special CloudWatch log groups, and are similar to those available in NetFlow logs:

  • They identify which IP endpoints are communicating inside and outside the VPC
  • They show what protocols (like TCP and UDP) are being used, and the amount of traffic that's sent and received
  • They describe whether the flow was allowed or blocked by the security policy
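As an added example (not code from the original post or from Observable Networks), the Python below parses default-format VPC Flow Log records and summarizes exactly the three things listed above: which endpoints talk to which, over what protocol and how much, and which flows were rejected. The account ID, interface ID, addresses and timestamps in the sample records are constructed values, not real traffic.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_record(line):
    """Return a dict for one flow record, or None for NODATA/SKIPDATA records
    (those carry '-' in the traffic fields and describe no flow)."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["protocol"], str(rec["protocol"]))
    return rec

def summarize(lines):
    """Aggregate bytes/packets per (src, dst, protocol) and count REJECTs per source."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    rejects = defaultdict(int)
    skipped = 0
    for line in lines:
        rec = parse_record(line)
        if rec is None:          # NODATA / SKIPDATA: nothing to aggregate
            skipped += 1
            continue
        key = (rec["srcaddr"], rec["dstaddr"], rec["proto_name"])
        flows[key]["packets"] += rec["packets"]
        flows[key]["bytes"] += rec["bytes"]
        if rec["action"] == "REJECT":
            rejects[rec["srcaddr"]] += 1
    return {"flows": dict(flows), "rejects": dict(rejects), "skipped": skipped}

# Constructed sample records; 203.0.113.0/24 is a documentation-only address range.
SAMPLE = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49152 443 6 10 8400 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 55000 22 6 3 180 1600000000 1600000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 55001 22 6 3 180 1600000000 1600000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.0.2 40000 53 17 2 160 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1600000000 1600000060 - NODATA",
]

if __name__ == "__main__":
    for key, counters in summarize(SAMPLE)["flows"].items():
        print(key, counters)
```

Repeated REJECT records from one source toward a single port, as in the sample, are the kind of pattern a defender would alert on once the records are aggregated this way.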

Like NetFlow logs, VPC Flow Logs can be used as the input for endpoint modeling (the process behind Observable Networks' security service). This has important advantages over existing techniques:

  • You don't have to deploy monitoring agents to the individual EC2 machines in the VPC
  • You can monitor machines that can't run an agent, such as some Windows servers or private Redshift clusters
  • You don't have to route monitoring data out of the VPC; machines that don't need to talk to the Internet don't have to export records to some intermediate host.

To get even better visibility into your network sign up for our free trial.


Experience Dynamic Endpoint Modeling on Your Own Network

Getting better visibility into your network and improving your security couldn’t be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.