I'm looking into a situation where our VPC flow logs suddenly increased a lot on a specific day. I understand this could be due to various factors like CloudWatch log ingestion, but I'm not sure how to pinpoint the specific cause. I'd like some advice on what steps to take to analyze this situation and find out what led to the spike.
3 Answers
You should definitely check CloudTrail for any changes related to your VPC around that time, such as new instances, auto-scaling group adjustments, or changes to the flow log configuration. Look at the flow logs from that day, too – it's often just one resource making a ton of connections, or a misconfigured security group causing a lot of rejections. Also, using Cost Explorer filtered to CloudWatch Logs can help you identify which log group saw the biggest increase.
If there was a new flow log configured, that change would be logged in CloudTrail. Make sure to analyze the data generated in the logs for any significant flow increases.
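As an added example for the flow-log analysis suggested in the two answers above (not part of either answer): a sketch that compares flow record counts per network interface between a baseline day and the spike day, and lists the most-rejected sources on the spike day. It assumes the default version 2 flow log format exported as text lines; the ENI ids, addresses and dates are constructed placeholders.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Field order of the default (version 2) flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse(line):
    """Return a dict for a usable record, or None for malformed/NODATA/SKIPDATA rows."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # NODATA and SKIPDATA rows carry "-" in the data fields
        return None
    rec["day"] = datetime.fromtimestamp(int(rec["start"]), timezone.utc).date().isoformat()
    return rec

def spike_report(lines, baseline_day, spike_day, top=3):
    # Each record is one log line, so record count per ENI tracks ingested volume.
    per_day = defaultdict(Counter)   # day -> flow records per ENI
    rejects = Counter()              # (srcaddr, dstport) -> REJECT records on the spike day
    for rec in filter(None, map(parse, lines)):
        per_day[rec["day"]][rec["interface_id"]] += 1
        if rec["day"] == spike_day and rec["action"] == "REJECT":
            rejects[(rec["srcaddr"], rec["dstport"])] += 1
    base, spike = per_day[baseline_day], per_day[spike_day]
    growth = sorted(((eni, base[eni], n) for eni, n in spike.items()),
                    key=lambda r: r[2] - r[1], reverse=True)
    return growth[:top], rejects.most_common(top)

def sample_lines():
    """Constructed records: placeholder ENI ids, private and documentation addresses."""
    def row(day, eni, src, dport, action, i):
        start = int(datetime(2024, 3, day, 12, tzinfo=timezone.utc).timestamp()) + i
        return (f"2 123456789012 {eni} {src} 10.0.0.10 {40000 + i} {dport} 6 "
                f"1 40 {start} {start + 60} {action} OK")
    lines = [row(1, "eni-web", "10.0.1.5", 443, "ACCEPT", i) for i in range(5)]
    lines += [row(2, "eni-web", "10.0.1.5", 443, "ACCEPT", i) for i in range(6)]
    lines += [row(1, "eni-db", "10.0.2.7", 5432, "ACCEPT", i) for i in range(2)]
    lines += [row(2, "eni-db", "198.51.100.23", 5432, "REJECT", i) for i in range(40)]
    lines.append("2 123456789012 eni-idle - - - - - - - 1709380800 1709380860 - NODATA")
    return lines

if __name__ == "__main__":
    growth, rejects = spike_report(sample_lines(), "2024-03-01", "2024-03-02")
    for eni, before, after in growth:
        print(f"{eni}: {before} -> {after} records")
    print("top rejected (srcaddr, dstport):", rejects)
```

On the constructed sample, one interface grows from 2 to 40 records and all of the growth is REJECT traffic from a single source to one port, which is the pattern the first answer describes.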
To trace unexpected charges, I recommend checking out this article on unexpected charges in AWS: http://go.aws/resources-unexpected-charges. If you still can't find the reason, consider contacting the Billing & Accounts team for a more thorough investigation.
