🔷

VPC – Traffic Mirroring

Purpose

  • Capture and inspect VPC network traffic for security analysis, threat detection, and troubleshooting.

How It Works

  • Source: ENIs on EC2 instances or Auto Scaling Groups.
  • Target: Another ENI (monitoring instance) or a Network Load Balancer connected to security appliances.
  • A mirror session can send traffic to a target in another VPC over VPC Peering.
  • Use filters to mirror only the traffic of interest, and truncate packets to reduce the mirrored volume.
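The source, target, filter and session pieces above, wired up with the AWS CLI as an added example (not part of the original notes). The ENI ids are constructed placeholders, and the `AWS_CLI` variable is an assumption of this script so the commands can be dry-run without an account.

```shell
#!/usr/bin/env sh
# Added example (not from the original notes): one ingress-only Traffic Mirroring
# session. SOURCE_ENI / TARGET_ENI are constructed placeholders; AWS_CLI defaults
# to the real binary and can be set to "echo aws" to dry-run the commands.
AWS_CLI=${AWS_CLI:-aws}

# Target: the monitoring ENI that receives VXLAN-encapsulated copies.
create_target() {
  $AWS_CLI ec2 create-traffic-mirror-target \
    --network-interface-id "$1" --description "IDS sensor" \
    --query 'TrafficMirrorTarget.TrafficMirrorTargetId' --output text
}

# Filter: traffic that matches no accept rule is not mirrored, so listing only
# what the sensor needs keeps the mirror volume (and target bandwidth) down.
create_filter() {
  $AWS_CLI ec2 create-traffic-mirror-filter --description "web ingress only" \
    --query 'TrafficMirrorFilter.TrafficMirrorFilterId' --output text
}

# Rule: $1 filter id, $2 ingress|egress, $3 rule number, $4 TCP port.
create_filter_rule() {
  $AWS_CLI ec2 create-traffic-mirror-filter-rule \
    --traffic-mirror-filter-id "$1" --traffic-direction "$2" \
    --rule-number "$3" --rule-action accept --protocol 6 \
    --destination-port-range "FromPort=$4,ToPort=$4" \
    --source-cidr-block 0.0.0.0/0 --destination-cidr-block 0.0.0.0/0
}

# Session: $1 source ENI, $2 target id, $3 filter id. --packet-length 128
# truncates each mirrored packet to its first 128 bytes (headers, not payload).
create_session() {
  $AWS_CLI ec2 create-traffic-mirror-session \
    --network-interface-id "$1" --traffic-mirror-target-id "$2" \
    --traffic-mirror-filter-id "$3" --session-number 1 \
    --packet-length 128 --virtual-network-id 4242 \
    --query 'TrafficMirrorSession.TrafficMirrorSessionId' --output text
}

main() {
  target=$(create_target "$TARGET_ENI")
  filter=$(create_filter)
  create_filter_rule "$filter" ingress 100 443 >/dev/null
  create_filter_rule "$filter" ingress 110 80 >/dev/null
  create_session "$SOURCE_ENI" "$target" "$filter"
}
# Runs only when both ENIs are supplied:
#   SOURCE_ENI=eni-0abc TARGET_ENI=eni-0def sh mirror.sh
if [ -n "${SOURCE_ENI:-}" ] && [ -n "${TARGET_ENI:-}" ]; then main; fi
```

Add a second `create_filter_rule "$filter" egress ...` call if the sensor also needs responses; with only ingress rules, reply traffic is never mirrored.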

Key Points

  • Mirrors ingress traffic, egress traffic, or both.
  • Operates at the VPC network layer; the source workload needs no agent and is not modified.
  • Scales with Auto Scaling Groups.

Use Cases

  • Deep packet inspection.
  • Intrusion detection and monitoring.
  • Performance and latency analysis.