VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

Posted on 18-Jan-2017


TRANSCRIPT

VPC Flow Logs Connection Tracking

AWS Berlin Meetup 2015-08-24
henning.jacobs@zalando.de @try_except_

STUPS: A PLATFORM ON TOP OF AMAZON WEB SERVICES

(Diagram labels: AWS, STUPS, DOCKER DEPLOY, SSH ACCESS, AUDIT REPORTS, FULL AWS ACCESS)

ISOLATED AWS ACCOUNTS

(Diagram labels: Internet; *.abc.example.org, *.xyz.example.org; Team ABC, Team XYZ; ELB, EC2)

SOME NUMBERS..

● 800+ in Zalando Tech

● 90+ AWS Accounts

● 160+ Applications

IDEA

● Enable VPC Flow Logs

● Collect connections from public IPs

● Report & monitor

VPC FLOW LOGS

● Enable on VPC Dashboard

● Stored in CloudWatch Logs

● One LogStream per network interface

● Packet counts per flow, not connections: each record aggregates one 5-tuple over a capture window

○ Source IP & Port

○ Dest IP & Port

○ Protocol (IANA number, e.g. 6 = TCP, 17 = UDP)

○ Packets & Bytes

DOWNSIDES

● No connection information

● No filtering

● Cost per ingested GB (0.57 EUR/GB)

● Rate limits

CONNECTION TRACKER

● Collect inbound VPC connections

● Across multiple AWS accounts

● Read deltas from VPC Flow Logs

● Provide HTTP interface
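As an added example (not the speaker's code and not the zalando-stups/connection-tracker project's own implementation), the following Python script covers the record format from the VPC FLOW LOGS slide and the collect and delta steps of the CONNECTION TRACKER slide: it parses version-2 flow log records as CloudWatch Logs delivers them, keeps accepted TCP flows from public peers into VPC addresses, aggregates them per (interface, destination, port, source), and skips records whose capture window ended at or before a watermark so a poller only processes the delta. The sample records, the ENI and account ids, the TCP-only and lower-port direction heuristics, the RFC 1918 definition of "internal", and the end-timestamp watermark are all assumptions of this example; the cross-account CloudWatch Logs reads and the HTTP interface are left out.

```python
"""Inbound-connection tracking over VPC Flow Log records (added example).

Assumes version-2 records, one per line, and treats any address outside
RFC 1918 / loopback / link-local as a public peer. The records below are
constructed; the 203.0.113.0/24 documentation range stands in for Internet hosts.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple

# Constructed sample: one ENI, two capture windows, one REJECT, one NODATA record.
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 203.0.113.10 172.31.16.21 54321 443 6 12 3480 1440403200 1440403260 ACCEPT OK
2 123456789012 eni-0a1b2c3d 172.31.16.21 203.0.113.10 443 54321 6 10 9120 1440403200 1440403260 ACCEPT OK
2 123456789012 eni-0a1b2c3d 172.31.16.21 203.0.113.77 40112 443 6 8 1200 1440403200 1440403260 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.77 172.31.16.21 443 40112 6 9 5400 1440403200 1440403260 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 172.31.16.21 54322 443 6 6 1700 1440403260 1440403320 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.99 172.31.16.21 51000 22 6 1 40 1440403260 1440403320 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1440403320 1440403380 - NODATA
"""

# "Internal" for this example: RFC 1918 plus loopback and link-local (assumption).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]


class FlowRecord(NamedTuple):
    """Version-2 record fields in delivery order; '-' in numeric fields becomes -1."""
    version: int
    account_id: str
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int    # IANA number: 6 = TCP, 17 = UDP
    packets: int
    bytes: int
    start: int       # capture window, Unix seconds
    end: int
    action: str      # ACCEPT / REJECT / -
    log_status: str  # OK / NODATA / SKIPDATA


def parse_record(line: str) -> FlowRecord:
    parts = line.split()
    if len(parts) != 14:
        raise ValueError(f"expected 14 fields, got {len(parts)}: {line!r}")
    num = lambda s: -1 if s == "-" else int(s)
    return FlowRecord(int(parts[0]), parts[1], parts[2], parts[3], parts[4],
                      num(parts[5]), num(parts[6]), num(parts[7]), num(parts[8]),
                      num(parts[9]), int(parts[10]), int(parts[11]), parts[12], parts[13])


def parse_records(text: str) -> List[FlowRecord]:
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


class Connection(NamedTuple):
    interface_id: str
    dest: str     # VPC-side address
    port: int     # service port on the VPC side
    source: str   # public peer


def inbound_connections(records: Iterable[FlowRecord], since: int = 0) -> Dict[Connection, dict]:
    """Aggregate accepted TCP flows from public sources into VPC addresses.

    Flow logs carry no connection direction, so two heuristics recover it:
    the public side must be the record's source, and the VPC-side port must
    be the lower one (replies to outbound connections land on a high
    ephemeral port and are dropped). Records whose window ended at or
    before `since` are skipped, so a poller processes only the delta.
    """
    conns: Dict[Connection, dict] = defaultdict(
        lambda: {"packets": 0, "bytes": 0, "last_seen": 0})
    for r in records:
        if r.log_status != "OK" or r.action != "ACCEPT" or r.protocol != 6:
            continue
        if r.end <= since:
            continue
        if is_internal(r.srcaddr) or not is_internal(r.dstaddr):
            continue
        if r.dstport > r.srcport:
            continue
        stats = conns[Connection(r.interface_id, r.dstaddr, r.dstport, r.srcaddr)]
        stats["packets"] += r.packets
        stats["bytes"] += r.bytes
        stats["last_seen"] = max(stats["last_seen"], r.end)
    return dict(conns)


def latest_end(records: Iterable[FlowRecord]) -> int:
    """Watermark to pass as `since` on the next poll."""
    return max((r.end for r in records), default=0)


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for conn, stats in inbound_connections(recs).items():
        print(f"{conn.source} -> {conn.dest}:{conn.port} on {conn.interface_id}: "
              f"{stats['packets']} packets, {stats['bytes']} bytes, last seen {stats['last_seen']}")
    print("next poll since:", latest_end(recs))
```

On the sample, the two request halves from 203.0.113.10 collapse into one connection to 172.31.16.21:443, the reply halves and the reply to the outbound connection to 203.0.113.77:443 are dropped, and the rejected SSH probe and the NODATA record are ignored; running it again with `since` set to the previous `latest_end` counts only the second window. In a real poller the records would come from one CloudWatch Logs stream per ENI in each account, and the watermark would be kept per stream.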

CONNECTION TRACKER

ACCOUNT CONNECTIONS

Links

VPC Flow Logs Connection Tracker: github.com/zalando-stups/connection-tracker

STUPS Frontpage: stups.io

tech.zalando.com @try_except_
