I want to configure Traffic Mirroring for Amazon Virtual Private Cloud (Amazon VPC).
Short description
Traffic Mirroring is a feature of Amazon VPC that lets you copy network traffic from specific interfaces. Copy network traffic when you must complete the following actions:
- Inspect content
- Monitor threats
- Troubleshoot issues
The AWSSupport-ConfigureTrafficMirroring runbook creates the required targets, filters, and sessions. By default, the runbook configures mirroring for all inbound and outbound traffic for all protocols except Amazon DNS. You can modify inbound and outbound rules for your use case.
Note: Traffic Mirroring isn't available for all Amazon VPC setups. To determine if you can use Traffic Mirroring, see Traffic Mirroring limitations. For information on security best practices for Traffic Mirroring, see Identity and access management for Traffic Mirroring.
Resolution
Prerequisites
Before you start, make sure that your AWS Identity and Access Management (IAM) user or role has the necessary permissions. For more information, see Required IAM permissions in AWSSupport-ConfigureTrafficMirroring.
Set up the automation workflow
- Open the AWS Systems Manager console.
- In the navigation pane, choose Documents.
- In the search bar, enter AWSSupport-ConfigureTrafficMirroring.
- Choose AWSSupport-ConfigureTrafficMirroring.
- Choose Execute automation.
- For the input parameters, enter the following information:
  (Optional) AutomationAssumeRole: If you have an IAM role that executes Automation runbooks on your behalf, then enter the Amazon Resource Name (ARN) of the role here. If you don't specify a role, then Systems Manager Automation uses your current IAM user permissions to initiate the runbook.
  SourceENI: Enter the ID of the elastic network interface that you want to configure traffic mirroring for.
  Target: A traffic mirror target is the destination for mirrored traffic. Specify the ID of an elastic network interface, Network Load Balancer, or Gateway Load Balancer endpoint. If you specify a Network Load Balancer, then you must have UDP listeners on port 4789. For more information, see Understand traffic mirror target concepts.
  Mirror targets with security groups must allow VXLAN traffic (UDP port 4789) from the traffic mirror source. For more information, see VXLAN encapsulation.
  SessionNumber: Enter the session number for the mirror session. The number must be within the range 1-32766.
- (Optional) Add an Amazon CloudWatch alarm to help you monitor your automation. If the alarm activates while the automation runs, then the automation stops. For more information, see Monitor mirrored traffic using Amazon CloudWatch.
- Choose Execute.
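The same configuration can be prepared outside the console. The following is an added example, not part of this article or the runbook itself: it validates the SessionNumber range described above, builds the Parameters map that `ssm start-automation-execution` expects for AWSSupport-ConfigureTrafficMirroring, and checks that a target's security group admits VXLAN (UDP 4789) from the mirror source. The security group document, group IDs and addresses are constructed sample values in the shape of `describe-security-groups` output.

```python
import ipaddress

VXLAN_PORT = 4789  # VXLAN encapsulation port used by Traffic Mirroring

# Constructed sample: one entry from `aws ec2 describe-security-groups`, reduced
# to the fields this check reads. The group ID and CIDR are placeholders.
TARGET_SG = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "udp", "FromPort": 4789, "ToPort": 4789,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    ],
}


def allows_vxlan(sg, source_ip=None, source_sg_id=None):
    """True if an ingress rule admits UDP/4789 from the mirror source,
    identified either by its private IP or by its security group ID."""
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto not in ("udp", "-1"):          # "-1" means all protocols
            continue
        if proto == "udp" and not perm["FromPort"] <= VXLAN_PORT <= perm["ToPort"]:
            continue
        if source_sg_id and any(p.get("GroupId") == source_sg_id
                                for p in perm.get("UserIdGroupPairs", [])):
            return True
        if source_ip:
            addr = ipaddress.ip_address(source_ip)
            if any(addr in ipaddress.ip_network(r["CidrIp"])
                   for r in perm.get("IpRanges", [])):
                return True
    return False


def runbook_parameters(source_eni, target, session_number, assume_role=None):
    """Parameters map for StartAutomationExecution; every value is a list of strings."""
    if not 1 <= session_number <= 32766:
        raise ValueError("SessionNumber must be within 1-32766")
    params = {"SourceENI": [source_eni], "Target": [target],
              "SessionNumber": [str(session_number)]}
    if assume_role:  # optional, as in the console flow
        params["AutomationAssumeRole"] = [assume_role]
    return params
```

Pass the returned map as `Parameters=` to `boto3.client("ssm").start_automation_execution(DocumentName="AWSSupport-ConfigureTrafficMirroring", ...)` after `allows_vxlan` confirms the target will accept the mirrored traffic.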
View your Traffic Mirroring session
- Open the Amazon VPC console.
- Under Traffic Mirroring in the navigation pane, choose Mirror sessions.
Important: Because Traffic Mirroring can incur additional costs, it's a best practice to delete a Traffic Mirroring session when not in use.
Related information
Run an automated operation powered by Systems Manager Automation
Setting up Automation
Systems Manager Automation runbook reference