How can I find the resource that owns the unknown IP addresses in my Amazon VPC?

Question

I trying to find the top contributors to traffic through the NAT gateway in my VPC. 
Therefore I've obtained a IP list through VPC flow logs. (https://aws.amazon.com/premiumsupport/knowledge-center/vpc-find-traffic-sources-nat-gateway/).

However there are some IPs that I can't find either using the network interface console or describe-network-interfaces aws cli command. (https://aws.amazon.com/premiumsupport/knowledge-center/vpc-find-owner-unknown-ip-addresses/)

Is there any other way to find them?

Answer

These mysterious IPs could be in use by AWS Services. To determine this, you can use custom logging $$1$$
 that includes the fields pkt-src-aws-service and pkt-dst-aws-service. If this traffic is going to or from an AWS Service, this should show up clearly in these fields.

$$1$$ https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-logs-custom

How can I find the resource that owns the unknown IP addresses in my Amazon VPC?

相關內容