Domains
Agile Management
Master Agile methodologies for efficient and timely project delivery.
View All Agile Management Coursesicon-refresh-cwCertifications
Scrum Alliance
16 Hours
Best Seller
Certified ScrumMaster (CSM) Certification
Scrum Alliance
16 Hours
Best Seller
Certified Scrum Product Owner (CSPO) Certification
Scaled Agile
16 Hours
Trending
Leading SAFe 6.0 Certification
Scrum.org
16 Hours
Professional Scrum Master (PSM) Certification
Scaled Agile
16 Hours
SAFe 6.0 Scrum Master (SSM) Certification
Advanced Certifications
Scaled Agile, Inc.
32 Hours
Recommended
Implementing SAFe 6.0 (SPC) Certification
Scaled Agile, Inc.
24 Hours
SAFe 6.0 Release Train Engineer (RTE) Certification
Scaled Agile, Inc.
16 Hours
Trending
SAFe® 6.0 Product Owner/Product Manager (POPM)
IC Agile
24 Hours
ICP Agile Certified Coaching (ICP-ACC)
Scrum.org
16 Hours
Professional Scrum Product Owner I (PSPO I) Training
Masters
32 Hours
Trending
Agile Management Master's Program
32 Hours
Agile Excellence Master's ProgramOn-Demand Courses
Agile and ScrumRoles
Scrum MasterTech Courses and Bootcamps
Full Stack Developer BootcampAccreditation Bodies
Scrum Alliance
Scaled Agile, Inc.
Scrum.org
ICAgile
PMI
Top Resources
Scrum TutorialProject Management
Gain expert skills to lead projects to success and timely completion.
View All Project Management Coursesicon-standCertifications
PMI
36 Hours
Best Seller
Project Management Professional (PMP) Certification
Axelos
32 Hours
PRINCE2 Foundation & Practitioner Certification
Axelos
16 Hours
PRINCE2 Foundation Certification
Axelos
16 Hours
PRINCE2 Practitioner Certification
Skills
Change ManagementMasters
Job Oriented
45 Hours
Trending
Project Management Master's Program
University Programs
45 Hours
Trending
Project Management Master's ProgramOn-Demand Courses
PRINCE2 Practitioner CourseRoles
Project ManagerAccreditation Bodies
PMIAxelos
Scrum AllianceTop Resources
Theories of MotivationCloud Computing
Learn to harness the cloud to deliver computing resources efficiently.
View All Cloud Computing Coursesicon-cloud-snowingCertifications
AWS
32 Hours
Best Seller
AWS Certified Solutions Architect - Associate
AWS
32 Hours
AWS Cloud Practitioner CertificationAWS
24 Hours
AWS DevOps CertificationMicrosoft
16 Hours
Azure Fundamentals Certification
Microsoft
24 Hours
Best Seller
Azure Administrator CertificationMicrosoft
45 Hours
Recommended
Azure Data Engineer CertificationMicrosoft
32 Hours
Azure Solution Architect CertificationMicrosoft
40 Hours
Azure DevOps CertificationAWS
24 Hours
Systems Operations on AWS Certification TrainingAWS
24 Hours
Developing on AWSMasters
Job Oriented
48 Hours
New
AWS Cloud Architect Masters Program
Bootcamps
Career Kickstarter
100 Hours
Trending
Cloud Engineer Bootcamp
Roles
Cloud EngineerOn-Demand Courses
AWS Certified Developer Associate - Complete GuideAuthorized Partners of
AWSMicrosoft
Top Resources
Scrum TutorialIT Service Management
Understand how to plan, design, and optimize IT services efficiently.
View All DevOps Coursesicon-git-commitCertifications
Axelos
16 Hours
Best Seller
ITIL 4 Foundation Certification
Axelos
16 Hours
ITIL Practitioner Certification
PeopleCert
16 Hours
ISO 14001 Foundation Certification
PeopleCert
16 Hours
ISO 20000 CertificationPeopleCert
24 Hours
ISO 27000 Foundation CertificationAxelos
24 Hours
ITIL 4 Specialist: Create, Deliver and Support Training
Axelos
24 Hours
ITIL 4 Specialist: Drive Stakeholder Value TrainingAxelos
16 Hours
ITIL 4 Strategist Direct, Plan and Improve TrainingOn-Demand Courses
ITIL 4 Specialist: Create, Deliver and Support ExamTop Resources
ITIL Practice TestData Science
Unlock valuable insights from data with advanced analytics.
View All Data Science Coursesicon-dataBootcamps
Job Oriented
6 Months
Trending
Data Science Bootcamp
Job Oriented
289 Hours
Data Engineer Bootcamp
Job Oriented
6 Months
Data Analyst Bootcamp
Job Oriented
288 Hours
New
AI Engineer Bootcamp
Skills
Data Science with PythonRoles
Data ScientistOn-Demand Courses
Data Analysis Using ExcelTop Resources
Machine Learning TutorialDevOps
Automate and streamline the delivery of products and services.
View All DevOps Coursesicon-terminal-squareCertifications
DevOps Institute
16 Hours
Best Seller
DevOps Foundation Certification
CNCF
32 Hours
New
Certified Kubernetes Administrator
Devops Institute
16 Hours
Devops LeaderSkills
KubernetesRoles
DevOps EngineerOn-Demand Courses
CI/CD with Jenkins XGlobal Accreditations
DevOps Institute
Top Resources
Top DevOps ProjectsBI And Visualization
Understand how to transform data into actionable, measurable insights.
View All BI And Visualization Coursesicon-microscopeBI and Visualization Tools
Certification
24 Hours
Recommended
Tableau Certification
Certification
24 Hours
Data Visualization with Tableau Certification
Microsoft
24 Hours
Best Seller
Microsoft Power BI Certification
TIBCO
36 Hours
TIBCO Spotfire Training
Certification
30 Hours
Data Visualization with QlikView CertificationCertification
16 Hours
Sisense BI Certification
On-Demand Courses
Data Visualization Using Tableau TrainingTop Resources
Python Data Viz LibsCyber Security
Understand how to protect data and systems from threats or disasters.
View All Cyber Security Coursesicon-refresh-cwCertifications
CompTIA
40 Hours
Best Seller
CompTIA Security+
EC-Council
40 Hours
Certified Ethical Hacker (CEH v12) Certification
ISACA
22 Hours
Certified Information Systems Auditor (CISA) Certification
ISACA
40 Hours
Certified Information Security Manager (CISM) Certification
(ISC)²
40 Hours
Certified Information Systems Security Professional (CISSP)
(ISC)²
40 Hours
Certified Cloud Security Professional (CCSP) Certification
16 Hours
Certified Information Privacy Professional - Europe (CIPP-E) Certification
ISACA
16 Hours
COBIT5 Foundation
16 Hours
Payment Card Industry Security Standards (PCI-DSS) Certification
On-Demand Courses
CISSPTop Resources
Laptops for IT SecurityWeb Development
Learn to create user-friendly, fast, and dynamic web applications.
View All Web Development Coursesicon-codeBootcamps
Career Kickstarter
6 Months
Best Seller
Full-Stack Developer Bootcamp
Job Oriented
3 Months
Best Seller
UI/UX Design Bootcamp
Enterprise Recommended
6 Months
Java Full Stack Developer Bootcamp
Career Kickstarter
490+ Hours
Front-End Development Bootcamp
Career Accelerator
4 Months
Backend Development Bootcamp (Node JS)
Skills
ReactOn-Demand Courses
Angular TrainingTop Resources
Top HTML ProjectsBlockchain
Understand how transactions and databases work in blockchain technology.
View All Blockchain Coursesicon-stop-squareBlockchain Certifications
40 Hours
Blockchain Professional Certification
32 Hours
Blockchain Solutions Architect Certification
32 Hours
Blockchain Security Engineer Certification
24 Hours
Blockchain Quality Engineer Certification
5+ Hours
Blockchain 101 Certification
On-Demand Courses
NFT Essentials 101: A Beginner's GuideTop Resources
Blockchain Interview QsProgramming
Learn to code efficiently and design software that solves problems.
View All Programming Coursesicon-codeSkills
Python CertificationInterview Prep
Career Accelerator
3 Months
Software Engineer Interview Prep
On-Demand Courses
Data Structures and Algorithms with JavaScriptTop Resources
Python Tutorial
What are VPS Endpoint and Flow Logs in AWS?
VPC Endpoint
A VPC endpoint is used to allow users to privately connect the VPC to the AWS resources. It also helps connect VPC endpoint services that are powered by PrivateLink to AWS services without the need of an internet gateway, NAT gateway, VPN connection or an AWS Direct Connect connection.
The VPC instance don’t need a public IP address so as to communicate with the resources present in the service. The traffic between VPC and the other services stays within the Amazon network only. Endpoints can be understood as virtual devices that are horizontally scaled, redundant, and highly-available VPC components. These VPC components help in the communication between instances in the VPC and the services, without causing any availability risks or bandwidth constraints with regards to the network traffic.
There are two types of VPC endpoints:
- Interface endpoints
- Gateway endpoints
Note: The VPC endpoints can be created based on the requirement and the service which supports this.
Interface Endpoints
An interface VPC endpoint is used to connect to services which use AWS PrivateLink. These services include Amazon services, services hosted by other AWS customers, partners of the user’s own VPCs, and AWS Marketplace partner services. The owner of the service refers to the service provide, and the user is the person who creates these interface endpoints, who are known as ‘service consumers’.
Gateway Endpoints
A gateway endpoint is a gateway that is specified by the user as a target to the route in the route table so that it follows the traffic it is assigned to the Amazon service that it supports. It supports Amazon S3 and DynamoDB services.
Controlling Usage of VPC Endpoints
IAM users don’t have the permission to work with endpoints by default. The user has to create an IAM policy that is used to grant users the permission to create, change, describe and delete endpoints. The user can’t create an IAM policy to grant permission to a specific endpoint or prefix list.
When an endpoint is created, the user can attach the endpoint policy to the endpoint which has control access to the service it connects to. Endpoint policies are written in JSON format.
If the user is using an endpoint to connect to Amazon S3, S3s bucket policies also need to be used to control access to these buckets from specific endpoints or VPCs.
Usage of VPC Endpoint Policy
VPC endpoint is an IMA policy which is attached to the endpoint when an endpoint is created or modified. If such a policy is not attached when an endpoint is created, Amazon, by default, attaches a policy that allows complete access to the service. No endpoint policy overrides or replaces the IAM user policies or other policies which are specific to the service.
Key Aspects
- More than one policy can’t be attached to an endpoint, but a policy can be modified at any point in time. Once a policy is modified, it takes a few minutes for the changes to show up.
- The part of the policy which is related to the specific service will work. An endpoint policy can’t be used to allow resources present in the VPC to perform other actions.
- The endpoint policy must contain a principal element.
- The size of the endpoint policy shouldn’t exceed 20480 characters, including whitespaces.
VPC Flow Logs
VPC Flow Logs is a feature provided by Amazon that helps the user capture information regarding IP traffic that goes to and comes from network interfaces in the VPC. Flow Log data which is captured can be published to Amazon CloudWatch Log and Amazon S3. Once the user creates a flow Log, they can retrieve and view the data in the destination of their choice.
Flow Logs can be used with multiple tasks, and some of them have been listed below:
- Traffic monitoring which reaches the user instance.
- The over restrictive security group rules can be diagnosed and worked on.
- Determining the direction from where traffic come to and goes from the network interfaces.
Flow Log data that is outside the network traffic is collected, and hence, it doesn’t affect the network’s throughput or latency. Flow Logs can be created or deleted without worrying about its effect on the impact on network performance.
When Flow Log data is placed inside CloudWatch logs, it is chargeable.
A Flow Log can be created for a VPC, a subnet or a network interface. When a Flow Log is created for a subnet or a VPC, every network interface which is present within that subnet or VPC is considered for the process of monitoring.
The monitored network’s Flow Log data is recorded as ‘flow log record’, which logs events that consist of fields which describe the flow of traffic.
When a Flow Log has to be created, the below mentioned attributes are specified:
- The resource for which the Flow Log needs to be created.
- The type of traffic which it will be used to capture (Accepted traffic, rejected traffic or all kinds of traffic).
- The destination wherein this Flow Log data is to be published.
Once a Flow Log has been created, it takes a few minutes for data to be collected and then publish to the chosen destinations. Flow Logs can’t capture real-time log streams for the user’s network interfaces.
If the user launches more than one instance in the subnet once the flog log has been created for subnet/VPC, a new log stream (for CloudWatch Logs) or a log file object (for Amazon S3) gets created for every new network interface. This operation happens as soon as the network traffic gets recorded for that specific network interface.
Flow Log for network interfaces can be created by other Amazon services which have been listed below:
- Elastic Load Balancing
- Amazon RDS
- Amazon ElastiCache
- Amazon Redshift
- NAT gateways
- Transit gateways
- Amazon WorkSpaces
Irrespective of the network interface type, the Amazon EC2 console or Amazon EC2 API has to be used to create a Flow Log for the network interface.
When a Flow Log is created, the default format can be used for its Flow Log record or a customized format can be used (Amazon S3 only).
When the user no longer requires the Flow Log, it can be deleted. When a Flow Log is deleted, it disables the Flow Log service for that specific resource, and no new Flow Log gets created or published to CloudWatch or Amazon S3.
When a Flow Log is deleted, it doesn’t delete any existing Flow Log record or log stream or log file objects for a network interface.
If an existing log stream needs to be deleted, the CloudWatch Log console needs to be used. If an existing log file object needs to be deleted, the Amazon S3 console needs to be used.
Flow Log Records
A Flow Log record is used to represent a network flow for the VPC. Every record is used to capture a network internet protocol traffic by default. This traffic is present within a ‘capture window’. Capture window is a time period of about 10 minutes during which the data flow is captured. ‘Aggregation period’ refers to the total amount of time it takes to capture, process and publish the flow data. The aggregation period can take up to 15 minutes.
The record includes values of different components present in the IP flow by default, and this includes the source, destination and the protocol.