Home>
Cloud Labs>

Monitoring IP Traffic Using VPC Flow Logs

Monitoring IP Traffic Using VPC Flow Logs
Monitoring IP Traffic Using VPC Flow Logs

CLOUD LABS

Monitoring IP Traffic Using VPC Flow Logs

In this Cloud Lab, you’ll learn to create VPC Flow Logs and publish them on Amazon S3 and CloudWatch. You will query the logs to analyze them and configure the SNS notification based on the CloudWatch alarm.

11 Tasks

intermediate

2hr 30m

Certificate of Completion

Desktop OnlyDevice is not compatible.
No Setup Required
Amazon Web Services

Learning Objectives

A thorough understanding of core concepts related to VPC Flow Logs
Hands-on experience configuring VPC Flow Logs for S3
Working knowledge of creating Athena workgroup and analyzing Flow Logs from S3
Hands-on experience identifying connectivity issues and their solutions
Hands-on experience configuring VPC Flow Logs for CloudWatch
Working knowledge of configuring SNS notification and applying filters on CloudWatch logs
Technologies
Athena
CloudWatch logoCloudWatch
S3 logoS3
SNS logoSNS
Cloud Lab Overview

VPC Flow Logs is a monitoring solution to troubleshoot, analyze, monitor, and get insights into the IP traffic. VPC Flow Logs can be published to Amazon S3, CloudWatch logs, or Amazon Kinesis Data Firehose.

In this Cloud Lab, you will first create a VPC with public and private subnets, an internet gateway, and a NAT gateway. You’ll then create an S3 bucket and VPC Flow Logs and publish them into the bucket. You’ll also launch EC2 instances and deploy a React application. To simulate a scenario of restricted communication, you deliberately configure a restrictive security group. Consequently, the React application will be unable to communicate with the back-end server.

After that, you will use Amazon Athena to query the logs from the bucket and diagnose the restrictive security group issue. Then, you’ll learn to publish VPC Flow Logs to the CloudWatch Logs and configure the SNS topic and CloudWatch alarm to send email notifications for malicious traffic.

After completing this Cloud Lab, you can monitor your application’s traffic and automate notifications based on VPC Flow Logs. The following is the high-level architecture diagram of the infrastructure that you will create in this Cloud Lab:

Architecture diagram
Architecture diagram
Cloud Lab Tasks
1.Introduction
Getting Started
2.Provision a Network Infrastructure
Create a VPC and an S3 Bucket
Create VPC Flow Logs and Security Groups
Provision EC2 Instances and Set Up an Application
3.Query Flow Logs Using Amazon Athena
Create an Athena Workgroup
Resolve the Connectivity Issue
4.VPC Flow Logs with CloudWatch
Create an SNS Topic and Subscription
Create VPC Flow Logs for CloudWatch and Custom Metrics
Create a CloudWatch Alarm and Trigger
5.Conclusion
Clean Up
Wrap Up
Labs Rules Apply
Stay within resource usage requirements.
Do not engage in cryptocurrency mining.
Do not engage in or encourage activity that is illegal.

Before you start...

Try these optional labs before starting this lab.

Cloud Lab Cover

Cloud Lab

Understanding Networking Services in AWS—From Zero to Hero

12
beginner
3hr
Cloud Lab Cover

Cloud Lab

Getting to Know Amazon CloudWatch

8
beginner
1hr 30m
Cloud Lab Cover

Cloud Lab

Analyzing S3 Data and CloudTrail Logs Using Amazon Athena

8
beginner
1hr 30m

Relevant Courses

Use the following content to review prerequisites or explore specific concepts in detail.

Trusted by 1.4 million developers working at companies including

Don’t take our word for it. See what our developers have to say.

Your method is simple, straight to the point and I can practice with it everywhere, even from my phone, that's something I have never had in other learning platforms.

Felipe Matheus
Software Engineer
TestimonialsImg

I highly recommend Educative. The courses are well organized and easy to understand.

Adina Ong
Senior Engineering Manager
TestimonialsImg

I prefer Educative courses because they have a nice mix of text & images. I find that with full video courses, it can often be too easy to go into passive learning mode.

Clifford Fajardo
Senior Software Engineer
TestimonialsImg

I prefer Educative courses because they have a nice mix of text & images. I find that with full video courses, it can often be too easy to go into passive learning mode.

Clifford Fajardo
Senior Software Engineer
TestimonialsImg
Don’t take our word for it. See what our developers have to say.

Your method is simple, straight to the point and I can practice with it everywhere, even from my phone, that's something I have never had in other learning platforms.

Felipe Matheus
Software Engineer
TestimonialsImg

I highly recommend Educative. The courses are well organized and easy to understand.

Adina Ong
Senior Engineering Manager
TestimonialsImg

I prefer Educative courses because they have a nice mix of text & images. I find that with full video courses, it can often be too easy to go into passive learning mode.

Clifford Fajardo
Senior Software Engineer
TestimonialsImg

Get access to Educative Cloud Labs

Course Footer Image
Course Footer Image

Learn in-demand tech skills in half the time

PRODUCTS

Mock Interview

New

Courses

Skill Paths

Projects

Assessments

TRENDING TOPICS

Learn to Code

Tech Interview Prep

Generative AI

Data Science

Machine Learning

GitHub Students Scholarship

Early Access Courses

Blind 75

Layoffs

Pricing

For Individuals

Try for Free

Gift a Subscription

CONTRIBUTE

Become an Author

Become an Affiliate

Earn Referral Credits

RESOURCES

Blog

Cheatsheets

Webinars

Answers

ABOUT US

Our Team

Careers

Hiring

Frequently Asked Questions

Contact Us

Press

LEGAL

Privacy Policy

Cookie Policy

Terms of Service

Business Terms of Service

Data Processing Agreement

INTERVIEW PREP COURSES

Grokking the Modern System Design Interview

Grokking the Product Architecture Design Interview

Grokking the Coding Interview Patterns

Machine Learning System Design

Tiktok Streamline Icon: https://streamlinehq.com

Copyright ©2025 Educative, Inc. All rights reserved.

soc2