VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

12
VPC Flow Logs Connection Tracking AWS Berlin Meetup 2015-08-24 [email protected] @try_except_

Transcript of VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

Page 1: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

VPC Flow LogsConnection Tracking

AWS Berlin Meetup [email protected] @try_except_

Page 2: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

AWS

STUPS

DOCKERDEPLOY

SSH ACCESS

AUDIT REPORTS

FULL AWS ACCESS

STUPS: A PLATFORM ON TOP OF AMAZON WEB SERVICES

Page 3: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

Internet

*.abc.example.org *.xyz.example.org

Team ABC Team XYZ

ISOLATED AWS ACCOUNTS

EC2EC2

ELBELB

EC2

Page 4: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

● 800+ in Zalando Tech

● 90+ AWS Accounts

● 160+ Applications

SOME NUMBERS..

Page 5: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

● Enable VPC Flow Logs

● Collect connections from public IPs

● Report & monitor

IDEA

Page 6: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

VPC FLOW LOGS

Page 7: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

● Enable on VPC Dashboard● Stored in CloudWatch Logs● One LogStream per network interface● Packet based

○ Source IP & Port○ Dest IP & Port○ Protocol (TCP/UDP)○ Packets & Bytes

VPC FLOW LOGS

Page 8: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

● No connection information

● No filtering

● Cost per ingested GB (0.57 EUR/GB)

● Rate limits

DOWNSIDES

Page 9: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

● Collect inbound VPC connections

● Across multiple AWS accounts

● Read deltas from VPC Flow Logs

● Provide HTTP interface

CONNECTION TRACKER

Page 10: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

CONNECTION TRACKER

Page 11: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

ACCOUNT CONNECTIONS

Page 12: VPC Flow Logs Connection Tracking @ AWS Berlin User Group Meetup August 2015

LinksVPC Flow Logs Connection Trackergithub.com/zalando-stups/connection-tracker

STUPS Frontpagestups.io

tech.zalando.com@try_except_

https://github.com/zalando-stups/connection-tracker
https://github.com/zalando-stups/connection-tracker
http://stups.io
http://stups.io

AWS Meetup San Franciscofiles.meetup.com/8763012/AWS ELK_SF Meetup_Presentation.pdfPoor Security Logs include sensitive data and open source ELK offers no real security solution, from

AWS Meetup San Franciscofiles.meetup.com/8763012/AWS ELK_SF Meetup_Presentation.pdfPoor Security Logs include sensitive data and open source ELK offers no real security solution, from

VPC Deloitte Presentation

VPC Deloitte Presentation

Stop Threats Faster - Juniper Networks · VPC 1 VPC 2 VPC N Internet Transit VPC VPN over Direct Connect Backup VPN AZ 1 AZ 2 Transit VPC •Inter-VPC connectivity over VPN ... Juniper

Stop Threats Faster - Juniper Networks · VPC 1 VPC 2 VPC N Internet Transit VPC VPN over Direct Connect Backup VPN AZ 1 AZ 2 Transit VPC •Inter-VPC connectivity over VPN ... Juniper

INSTRUCTION MANUAL VPC-CG88EX VPC-CG88GX VPC-CG88TA …cncms.com.au/SANYO-IMs/Consumer-Electronics/vpccg88ta_im.pdf · 2014. 8. 2. · VPC-CG88EX VPC-CG88GX VPC-CG88TA VPC-CG88PX

INSTRUCTION MANUAL VPC-CG88EX VPC-CG88GX VPC-CG88TA …cncms.com.au/SANYO-IMs/Consumer-Electronics/vpccg88ta_im.pdf · 2014. 8. 2. · VPC-CG88EX VPC-CG88GX VPC-CG88TA VPC-CG88PX

INSTRUCTION MANUAL VPC-GH1EX VPC-GH1GX Dual Camera … · 2013. 10. 10. · VPC-GH1EX VPC-GH1GX VPC-GH1PX VPC-GH1TA VPC-GH2 INSTRUCTION MANUAL Dual Camera Please read these instructions

INSTRUCTION MANUAL VPC-GH1EX VPC-GH1GX Dual Camera … · 2013. 10. 10. · VPC-GH1EX VPC-GH1GX VPC-GH1PX VPC-GH1TA VPC-GH2 INSTRUCTION MANUAL Dual Camera Please read these instructions

FlexPod Datacenter with VMware vSphere 5 - cisco.com · FlexPod Datacenter with VMware vSphere 5.1 ... HA Interco nnect VPC VPC VPC VPC Cisco UCS C200 M3 C-Ser i es Ser v er (s )

FlexPod Datacenter with VMware vSphere 5 - cisco.com · FlexPod Datacenter with VMware vSphere 5.1 ... HA Interco nnect VPC VPC VPC VPC Cisco UCS C200 M3 C-Ser i es Ser v er (s )

INSTRUCTION MANUAL VPC-PD1EX VPC-PD2 VPC-PD1GX VPC-PD1PX ...cncms.com.au/SANYO-IMs/Consumer-Electronics/vpcpd1_im.pdf · VPC-PD1EX VPC-PD2 VPC-PD1GX VPC-PD1PX VPC-PD1TA INSTRUCTION

INSTRUCTION MANUAL VPC-PD1EX VPC-PD2 VPC-PD1GX VPC-PD1PX ...cncms.com.au/SANYO-IMs/Consumer-Electronics/vpcpd1_im.pdf · VPC-PD1EX VPC-PD2 VPC-PD1GX VPC-PD1PX VPC-PD1TA INSTRUCTION

Cisco - VPC Concepts

Cisco - VPC Concepts

Networking in AWS - Amazon S3 · PDF file• AWS networking services including: VPC ... VPC Subnet 1 VPC Subnet 2 ... • Best Practices for Evaluating ELB

Networking in AWS - Amazon S3 · PDF file• AWS networking services including: VPC ... VPC Subnet 1 VPC Subnet 2 ... • Best Practices for Evaluating ELB

Predictive Security Monitoring for Your AWS Cloud …...Visibility into CloudTrail and VPC Flow logs on A SINGLE screen VPC Flow Logs provides access to IP traffic in and out of your

Predictive Security Monitoring for Your AWS Cloud …...Visibility into CloudTrail and VPC Flow logs on A SINGLE screen VPC Flow Logs provides access to IP traffic in and out of your

Introduction to VPC-DI...IntroductiontoVPC-DI ThischapterintroducesCiscoVirtualizedPacketCore—DistributedInstance(VPC-DI).VPC-DIsupports ...

Introduction to VPC-DI...IntroductiontoVPC-DI ThischapterintroducesCiscoVirtualizedPacketCore—DistributedInstance(VPC-DI).VPC-DIsupports ...

VIRTUAL PORT CHANNEL VPC) - NEXUS - NetworkLife · VIRTUAL PORT-CHANNEL (VPC) - NEXUS Terminologie vPC peer - Switch vPC, un des deux. Terminologie vPC VPC Agg 1A Agg 1B Core 1 Core

VIRTUAL PORT CHANNEL VPC) - NEXUS - NetworkLife · VIRTUAL PORT-CHANNEL (VPC) - NEXUS Terminologie vPC peer - Switch vPC, un des deux. Terminologie vPC VPC Agg 1A Agg 1B Core 1 Core

n5k Enhanced Vpc

n5k Enhanced Vpc

AWS Networking - Sipart Networking Building your... · 2020. 11. 2. · Amazon VPC Traffic Mirroring ... AWS Transit Gateway with AWS site-to-site VPN VPC VPC VPC AWS Transit Gateway

AWS Networking - Sipart Networking Building your... · 2020. 11. 2. · Amazon VPC Traffic Mirroring ... AWS Transit Gateway with AWS site-to-site VPN VPC VPC VPC AWS Transit Gateway

Logs, Logs, Logs, from Natural Element Homes

Logs, Logs, Logs, from Natural Element Homes

INSTRUCTION MANUAL VPC-X1200EX BASICS VPC-X1200 Digital ...

INSTRUCTION MANUAL VPC-X1200EX BASICS VPC-X1200 Digital ...

Vpc aws meetup

Vpc aws meetup

Anypoint vpc

Anypoint vpc

Vpc sample clips

Vpc sample clips

High reliability in WAN network - IEEEgrouper.ieee.org/groups/802/1/files/public/docs2019/df... · 2019-07-18 · VPC-GW vPC Private cloud VPC-GW vPC Pbulic cloud VPC-GW vPC Public/Private

High reliability in WAN network - IEEEgrouper.ieee.org/groups/802/1/files/public/docs2019/df... · 2019-07-18 · VPC-GW vPC Private cloud VPC-GW vPC Pbulic cloud VPC-GW vPC Public/Private