Dashboard: VPC Flow Log Activity Dashboard
This dashboard answers the following questions:
- How many VPC flow log records are there?
- How many connections have been accepted and rejected?
- How does accepted traffic compare to rejected traffic over time?
- How is traffic distributed by log status (OK, NODATA, SKIPDATA)?
- How is traffic distributed across regions?
- How is traffic distributed by protocol (TCP, UDP, ICMP)?
- Which ENIs generate the most traffic?
- Which source and destination IP addresses generate the most traffic?
- Which source IP addresses have the most rejected connections?
- Which source-destination pairs transfer the most packets?
This dashboard contains 3 cards.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/tailpipe-mod-aws-vpc-flow-log-detectionsStart the Powerpipe server:
powerpipe serverOpen http://localhost:9033 in your browser and select VPC Flow Log Activity Dashboard dashboard.
You could also snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe dashboard run aws_vpc_flow_log_detections.dashboard.activity_dashboard --shareQueries
This dashboard uses the the following queries:
with time_series as ( select date_trunc('day', start_time) as day, count(*) filter (where action = 'ACCEPT') as accepted, count(*) filter (where action = 'REJECT') as rejected from aws_vpc_flow_log group by day order by day)select day, accepted, rejectedfrom time_seriesorder by day;