AWS Security Academy · Lesson

What VPC Flow Logs Capture

Understand the connection metadata recorded for your network.

What VPC Flow Logs Are

VPC Flow Logs capture metadata about the IP traffic flowing to and from network interfaces in your Virtual Private Cloud (VPC). They record information about connections, giving security teams visibility into who talked to whom, on which ports, and whether the traffic was allowed or blocked.

Metadata, Not Payload

A crucial point: Flow Logs record connection metadata only, never the actual packet contents. You see source and destination IPs, ports, protocol, byte and packet counts, and the action taken. You do not see the data inside the packets. For payload inspection you need VPC Traffic Mirroring instead.

All lessons in this course

  1. What VPC Flow Logs Capture
  2. Reading Flow Log Records and Fields
  3. Flow Logs at VPC, Subnet, and ENI Levels
  4. Spotting Suspicious Traffic in Flow Logs