View Flow Logs in CloudWatch

When publishing to CloudWatch, flow log data is published to a log group, and each network interface has a unique log stream in the log group. Log streams contain flow log records. You can create multiple flow logs that publish data to the same log group.

  1. In the EC2 Dashboard, navigate to Instances

  2. Select the checkbox next to VPC A Private AZ1 Server, scroll down to the Networking tab and make a note of the Interface ID under Network Interfaces


VPC flow logs can be sent to either an Amazon S3 bucket or CloudWatch. In this lab, you configured the flow logs from VPC A to be sent to CloudWatch.

  1. Navigate to Log Groups in the CloudWatch console and click on the NetworkingWorkshopFlowLogsGroup log group


  2. Click on the log stream matching the interface ID noted in step (1) to see the flow records for that interface (make sure to select the ENI from VPC A EC2)


  3. Click on any entry to expand the log line


Anatomy of a flow log:
Flow log anatomy
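
The record layout can also be read programmatically. The following is an added example, not part of the original workshop: it parses records in the default (version 2) flow log format and totals rejected packets per source, destination port and protocol. The sample records, account ID, ENI ID and addresses are constructed placeholders.

```python
from collections import Counter

# Field order of the default (version 2) VPC flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = {"version", "srcport", "dstport", "protocol",
              "packets", "bytes", "start", "end"}
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

# Constructed sample records (placeholder account ID, ENI ID and addresses).
SAMPLE = """\
2 123456789012 eni-0123456789abcdef0 10.0.1.100 10.0.2.50 44312 443 6 12 3840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 203.0.113.7 10.0.1.100 51515 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0123456789abcdef0 203.0.113.7 10.0.1.100 51520 22 6 2 120 1700000060 1700000120 REJECT OK
2 123456789012 eni-0123456789abcdef0 - - - - - - - 1700000120 1700000180 - NODATA
""".splitlines()

def parse_record(line):
    """Split one default-format record into a dict; '-' becomes None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":
            rec[name] = None
        else:
            rec[name] = int(value) if name in INT_FIELDS else value
    return rec

def rejected_flows(lines):
    """Sum packets of REJECTed flows per (source, destination port, protocol)."""
    totals = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec["log_status"] != "OK" or rec["action"] != "REJECT":
            continue  # skip NODATA/SKIPDATA records and accepted traffic
        proto = PROTOCOLS.get(rec["protocol"], str(rec["protocol"]))
        totals[(rec["srcaddr"], rec["dstport"], proto)] += rec["packets"]
    return totals

if __name__ == "__main__":
    for (src, port, proto), packets in rejected_flows(SAMPLE).items():
        print(f"{src} -> {proto}/{port}: {packets} rejected packets")
```

Flow logs created with a custom format have a different field order, so `FIELDS` would need to match that format.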