Flow Logs at VPC, Subnet, and ENI Levels
Choose the right scope for the visibility you need.
Three Levels of Scope
You can enable Flow Logs at three levels: the entire VPC, a single subnet, or one elastic network interface (ENI). The level you choose decides how much traffic is captured and where the visibility focuses. Picking the right scope balances coverage against volume and cost.
VPC-Level Flow Logs
A flow log at the VPC level captures traffic for every network interface in every subnet of that VPC, including interfaces created later. This is the broadest coverage and the simplest to manage, since one configuration blankets the whole VPC. It is the usual choice for comprehensive security monitoring.
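A coverage check for the three scopes described above, written as an added example that is not part of the original lesson. It assumes you have already exported the interface and flow log lists; the records below are constructed, use made-up IDs, and carry only the fields EC2's DescribeNetworkInterfaces and DescribeFlowLogs responses provide for this purpose.

```python
# Constructed sample inventory (all IDs are made up). Field names follow the
# EC2 DescribeNetworkInterfaces / DescribeFlowLogs responses; other fields omitted.
INTERFACES = [
    {"NetworkInterfaceId": "eni-aaa", "SubnetId": "subnet-1", "VpcId": "vpc-prod"},
    {"NetworkInterfaceId": "eni-bbb", "SubnetId": "subnet-2", "VpcId": "vpc-prod"},
    {"NetworkInterfaceId": "eni-ccc", "SubnetId": "subnet-9", "VpcId": "vpc-dev"},
    {"NetworkInterfaceId": "eni-ddd", "SubnetId": "subnet-8", "VpcId": "vpc-dev"},
    {"NetworkInterfaceId": "eni-eee", "SubnetId": "subnet-8", "VpcId": "vpc-dev"},
]
FLOW_LOGS = [
    {"FlowLogId": "fl-1", "ResourceId": "vpc-prod"},   # VPC scope
    {"FlowLogId": "fl-2", "ResourceId": "subnet-9"},   # subnet scope
    {"FlowLogId": "fl-3", "ResourceId": "eni-ddd"},    # single-ENI scope
    {"FlowLogId": "fl-4", "ResourceId": "subnet-1"},   # overlaps with fl-1
]

# Order matters only for readable output: broadest scope first.
SCOPES = (("vpc", "VpcId"), ("subnet", "SubnetId"), ("eni", "NetworkInterfaceId"))


def coverage(interfaces, flow_logs):
    """Map each ENI id to the (scope, flow_log_id) pairs that capture its traffic."""
    by_resource = {}
    for fl in flow_logs:
        by_resource.setdefault(fl["ResourceId"], []).append(fl["FlowLogId"])
    result = {}
    for eni in interfaces:
        hits = []
        for scope, key in SCOPES:
            hits += [(scope, fl_id) for fl_id in by_resource.get(eni[key], [])]
        result[eni["NetworkInterfaceId"]] = hits
    return result


def gaps(cov):
    """ENIs that no flow log at any level captures (no visibility)."""
    return sorted(eni for eni, hits in cov.items() if not hits)


def overlaps(cov):
    """ENIs captured by more than one flow log (extra volume and cost)."""
    return sorted(eni for eni, hits in cov.items() if len(hits) > 1)


if __name__ == "__main__":
    cov = coverage(INTERFACES, FLOW_LOGS)
    for eni, hits in cov.items():
        print(eni, hits or "NOT COVERED")
    print("gaps:", gaps(cov), "overlaps:", overlaps(cov))
```

In the sample, vpc-dev has only subnet-level and ENI-level flow logs, so one of its interfaces is left without coverage, which is the gap a single VPC-level flow log avoids.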