VPC Flow Logs can capture all IP traffic from network interfaces on your instances, a subnet for the Virtual Private Cloud (VPC), or the VPC itself. This data is then sent to CloudWatch Logs, allowing you to view the data as a stream showing all the entries. This data and information can help you resolve incidents and help with security remediation by identifying traffic that shouldn't be destined for a specific resource.
These are just a few of the logging capabilities offered by AWS. The point is, there are services and features, but you need to architect them into your solution in order to get the maximum benefit. As a general rule, you should ensure you have some form of logging enabled within your account.
So, going back to our first point at the start of this section, when you encounter a security threat and have identified that an EC2 instance may have been compromised, what action should you take? The key point is isolation.
VPC Flow Logs will be discussed...