Posted On: Jul 14, 2022

Starting today, Amazon VPC Flow Logs adds support for Transit Gateway. With this feature, Transit Gateway can export detailed telemetry such as source/destination IP addresses, ports, protocol, traffic counters, timestamps and various metadata for all of its network flows. This gives you an AWS native tool to centrally export and inspect flow-level telemetry for all network traffic traversing your Transit Gateway between Amazon VPCs and your on-premises networks.

Transit Gateway enables you to connect thousands of Amazon Virtual Private Clouds (VPCs) and your on-premises networks using a single gateway. Until now, VPC Flow Logs provided network telemetry only from the individual VPCs attached to the Transit Gateway, and you had to run complex procedures to correlate that data to gain end-to-end network insights. With Transit Gateway Flow Logs, you gain flow-level insights from one central point in your network(s) using a single AWS account. This capability provides flow-level visibility for traffic across AWS Regions over Transit Gateway peering connections, as well as for your traffic over Direct Connect and Site-to-Site VPN connections, without relying on third-party routers or telemetry export tools. Transit Gateway Flow Logs can help with many use cases around proactive network troubleshooting, network capacity planning, compliance and security.

To get started, create a new Flow Logs subscription using a Transit Gateway or a Transit Gateway Attachment as the resource. You can select a custom log format to choose specific log fields, and the desired log destination type, such as Amazon S3 or CloudWatch Logs. This feature is available through the AWS Management Console, the Amazon Command Line Interface (Amazon CLI), and the Amazon Software Development Kit (Amazon SDK).
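Once a subscription with a custom log format is delivering records, the format string itself defines the column order of every line. The following is an added example, not code from this announcement or from AWS: it parses constructed Transit Gateway flow records according to a chosen custom format and totals bytes per attachment. The field names in `LOG_FORMAT` (`tgw-id`, `tgw-attachment-id`, `srcaddr`, `bytes`, ...) are assumed from the VPC Flow Logs custom-format field list, and the sample records are constructed.

```python
# Added example (not AWS code): parse custom-format Transit Gateway flow log
# records and summarise bytes per attachment. Field names are assumed from the
# VPC Flow Logs ${field} placeholder syntax; sample records are constructed.
import re
from collections import defaultdict

# Custom log format selected when the Flow Logs subscription was created.
LOG_FORMAT = ("${tgw-id} ${tgw-attachment-id} ${srcaddr} ${dstaddr} ${srcport} "
              "${dstport} ${protocol} ${packets} ${bytes} ${start} ${end}")

# Constructed sample records: one flow per line, space separated, in LOG_FORMAT order.
SAMPLE_RECORDS = """\
tgw-0abc1234 tgw-attach-0aaa1111 10.0.1.5 192.168.10.20 44321 443 6 12 2048 1657800000 1657800060
tgw-0abc1234 tgw-attach-0aaa1111 10.0.1.5 192.168.10.21 44322 22 6 3 512 1657800000 1657800060
tgw-0abc1234 tgw-attach-0bbb2222 192.168.10.20 10.0.1.5 443 44321 6 10 8192 1657800000 1657800060
"""

NUMERIC_FIELDS = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}


def fields_from_format(log_format):
    """Return the ordered field names declared in a ${...} custom format string."""
    return re.findall(r"\$\{([a-z0-9-]+)\}", log_format)


def parse_record(line, log_format=LOG_FORMAT):
    """Split one record by the format; a '-' value means the field was not available."""
    names = fields_from_format(log_format)
    values = line.split()
    if len(values) != len(names):
        raise ValueError(f"expected {len(names)} fields, got {len(values)}")
    record = {}
    for name, value in zip(names, values):
        if value == "-":
            record[name] = None
        elif name in NUMERIC_FIELDS:
            record[name] = int(value)
        else:
            record[name] = value
    return record


def bytes_per_attachment(records_text, log_format=LOG_FORMAT):
    """Total transferred bytes per Transit Gateway attachment across all records."""
    totals = defaultdict(int)
    for line in records_text.splitlines():
        if line.strip():
            rec = parse_record(line, log_format)
            totals[rec["tgw-attachment-id"]] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    for attachment, total in sorted(bytes_per_attachment(SAMPLE_RECORDS).items()):
        print(f"{attachment}: {total} bytes")
```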

VPC Flow Logs support for Transit Gateway is available in all the AWS public and AWS GovCloud (US) regions where AWS Transit Gateway is available. There are no additional charges to enable this feature on Transit Gateway. For additional information, visit the AWS Transit Gateway product page, documentation and the blog post.