NAT Gateway Traffic Capture for a Specific IP.

Question

We want to Export Data For NGW which would give us the EC2 IP which is sending traffic outside via NAT Gateway. Currently we are following one doc and its giving Src Address of Nat Gateway Private IP however we are looking for EC2 IPs which are sending data out. Please let us know how to get the same. We are Using Cloud Watch Insight/Query to export the data.

https://aws.amazon.com/premiumsupport/knowledge-center/vpc-find-traffic-sources-nat-gateway/

Answer

Here is a blog that describes this in detail: https://aws.amazon.com/blogs/aws/learn-from-your-vpc-flow-logs-with-additional-meta-data/

****************

When you create a new VPC Flow Log, in addition to existing fields, you can now choose to add the following meta-data:

**`pkt-srcaddr`** : the packet-level IP address of the source. You typically use this field in conjunction with **`srcaddr`** to distinguish between the IP address of an intermediate layer through which traffic flows, **such as a NAT gateway**.

Answer

Try [enabling enriched flow logs](https://aws.amazon.com/about-aws/whats-new/2020/05/add-enriched-metadata-to-amazon-vpc-flow-logs-published-to-cloudwatch-logs-and-s3/) as there are additional fields that are included - of interest are the source IP address of the flow before it has passed through NAT Gateway.

NAT Gateway Traffic Capture for a Specific IP.

関連するコンテンツ