1
00:00:00,090 --> 00:00:02,430
Now let's talk about VPC flow logs.

2
00:00:02,430 --> 00:00:06,197
VPC flow logs are a log of all the IP traffic going

3
00:00:06,197 --> 00:00:07,980
through your interfaces.

4
00:00:07,980 --> 00:00:10,980
So you can get a VPC flow log, a subnet flow log

5
00:00:10,980 --> 00:00:13,170
or even an elastic network interface flow log

6
00:00:13,170 --> 00:00:14,400
to see the traffic going in

7
00:00:14,400 --> 00:00:17,130
and out of your EC2 instances, for example.

8
00:00:17,130 --> 00:00:19,290
By enabling the flow log, we can monitor

9
00:00:19,290 --> 00:00:21,480
and troubleshoot connectivity issues.

10
00:00:21,480 --> 00:00:24,420
For example, if a subnet cannot connect to the internet,

11
00:00:24,420 --> 00:00:26,640
or a subnet cannot connect to another subnet,

12
00:00:26,640 --> 00:00:28,950
or the internet cannot access a subnet,

13
00:00:28,950 --> 00:00:31,080
this will be captured by the VPC flow log

14
00:00:31,080 --> 00:00:33,840
and we can look at it to get to the root cause of it.

15
00:00:33,840 --> 00:00:35,280
So this is super important because

16
00:00:35,280 --> 00:00:37,020
on top of getting information out

17
00:00:37,020 --> 00:00:38,490
of our EC2 instances,

18
00:00:38,490 --> 00:00:39,630
we also get information

19
00:00:39,630 --> 00:00:42,120
for elastic load balancers, ElastiCache,

20
00:00:42,120 --> 00:00:44,730
RDS, Aurora, et cetera, et cetera.

21
00:00:44,730 --> 00:00:48,870
And the VPC flow logs can go to S3, CloudWatch Logs,

22
00:00:48,870 --> 00:00:50,553
and Kinesis Data Firehose.

23
00:00:51,420 --> 00:00:54,660
Next we have VPC peering, and VPC peering is to connect

24
00:00:54,660 --> 00:00:58,500
two VPCs privately using the network from AWS

25
00:00:58,500 --> 00:00:59,610
and to make them behave

26
00:00:59,610 --> 00:01:02,160
as if they were part of the same network.

27
00:01:02,160 --> 00:01:02,993
So this is an example.
28
00:01:02,993 --> 00:01:05,460
We have VPC A and VPC B

29
00:01:05,460 --> 00:01:08,520
and we can peer them together, and as soon as that's done

30
00:01:08,520 --> 00:01:10,620
then they will have the same network

31
00:01:10,620 --> 00:01:13,800
or behave as if they were in the same network.

32
00:01:13,800 --> 00:01:15,330
So for this, you need to make sure

33
00:01:15,330 --> 00:01:18,360
that the IP address ranges do not overlap.

34
00:01:18,360 --> 00:01:19,320
If they do overlap

35
00:01:19,320 --> 00:01:22,800
then you cannot establish a VPC peering connection.

36
00:01:22,800 --> 00:01:24,810
The other thing is that a VPC peering connection

37
00:01:24,810 --> 00:01:26,430
is not transitive.

38
00:01:26,430 --> 00:01:29,910
That means that if you add a new VPC, for example, VPC C,

39
00:01:29,910 --> 00:01:34,230
and you create a peering connection between VPC A and VPC C,

40
00:01:34,230 --> 00:01:37,620
then that means that VPC B and C cannot talk

41
00:01:37,620 --> 00:01:38,700
to each other yet.

42
00:01:38,700 --> 00:01:41,850
If you want to have VPC B and C talk to one another

43
00:01:41,850 --> 00:01:44,280
then you would need to create another peering connection

44
00:01:44,280 --> 00:01:46,680
between your VPC B and C.

45
00:01:46,680 --> 00:01:49,740
So let's go in the console to see how this works.

46
00:01:49,740 --> 00:01:52,200
So let's explore VPC flow logs.

47
00:01:52,200 --> 00:01:53,033
For this, you click

48
00:01:53,033 --> 00:01:55,800
on your VPC and then click on flow logs.

49
00:01:55,800 --> 00:01:57,180
And here you can create a flow log.

50
00:01:57,180 --> 00:01:59,730
So we'll just have a look at the options for flow logs.

51
00:01:59,730 --> 00:02:00,870
So you can name it,

52
00:02:00,870 --> 00:02:03,390
you can set filters if you want all traffic,

53
00:02:03,390 --> 00:02:06,090
just accepted traffic, or rejected traffic.
54
00:02:06,090 --> 00:02:08,040
What is the maximum aggregation interval?

55
00:02:08,040 --> 00:02:08,970
Do you want it to be

56
00:02:08,970 --> 00:02:11,580
a 10-minute interval or a one-minute interval?

57
00:02:11,580 --> 00:02:13,500
And then what is the destination?

58
00:02:13,500 --> 00:02:15,660
For example, you can send to CloudWatch Logs.

59
00:02:15,660 --> 00:02:18,570
You can send to an Amazon S3 bucket, or you can send

60
00:02:18,570 --> 00:02:21,600
to Kinesis Data Firehose in the same or different accounts.

61
00:02:21,600 --> 00:02:22,740
And based on the option you choose

62
00:02:22,740 --> 00:02:24,090
you have to specify different parameters.

63
00:02:24,090 --> 00:02:26,280
For example, for CloudWatch Logs, the log group

64
00:02:26,280 --> 00:02:28,050
as well as an IAM role.

65
00:02:28,050 --> 00:02:30,990
And finally, here's the log record format

66
00:02:30,990 --> 00:02:32,880
which is going to create some information

67
00:02:32,880 --> 00:02:35,700
on the VPC flow logs such as version, account id,

68
00:02:35,700 --> 00:02:39,060
interface id, source address, destination address,

69
00:02:39,060 --> 00:02:42,690
source port, destination port, protocol, packets,

70
00:02:42,690 --> 00:02:46,500
bytes, start, end, action, log-status.

71
00:02:46,500 --> 00:02:49,200
So that's it for the VPC flow logs.

72
00:02:49,200 --> 00:02:52,185
And regarding VPC peering connections, you will go

73
00:02:52,185 --> 00:02:55,470
on the left-hand side and you find peering connections.

74
00:02:55,470 --> 00:02:57,090
So here we can create a peering connection.

75
00:02:57,090 --> 00:02:58,200
So we can name it.

76
00:02:58,200 --> 00:03:00,300
We have to select a local VPC to peer with,

77
00:03:00,300 --> 00:03:02,790
so that's called the requester VPC.

78
00:03:02,790 --> 00:03:05,280
And then you have to select another VPC to peer with.
79
00:03:05,280 --> 00:03:06,930
It could be in my account or it could be

80
00:03:06,930 --> 00:03:09,450
in another account, and then it could be in this region

81
00:03:09,450 --> 00:03:10,770
or it could be in another region.

82
00:03:10,770 --> 00:03:13,830
For example, let's choose Cape Town, Africa.

83
00:03:13,830 --> 00:03:16,560
And then we need to enter the VPC id.

84
00:03:16,560 --> 00:03:17,393
Once you've done that

85
00:03:17,393 --> 00:03:19,380
you can just create a peering connection.

86
00:03:19,380 --> 00:03:20,700
And then if accepted,

87
00:03:20,700 --> 00:03:22,800
then the two networks will behave as one,

88
00:03:22,800 --> 00:03:26,220
which is the whole point of using VPC peering connections.

89
00:03:26,220 --> 00:03:28,410
So I don't have an extra VPC to show you right now,

90
00:03:28,410 --> 00:03:29,850
but you get the idea.

91
00:03:29,850 --> 00:03:30,683
So that's it.

92
00:03:30,683 --> 00:03:31,516
In this lecture

93
00:03:31,516 --> 00:03:34,260
we've seen VPC flow logs to capture traffic information,

94
00:03:34,260 --> 00:03:37,080
or VPC, as well as VPC peering connections.

95
00:03:37,080 --> 00:03:40,143
I hope you liked it and I will see you in the next lecture.