Posted On: Feb 5, 2020
You can now capture and aggregate your HAQM Virtual Private Cloud (HAQM VPC) flow logs at shorter intervals of up to 1 minute, giving you quicker visibility into your network traffic flows. With a 1-minute configuration, your VPC flow logs arrive in an expedited manner and provide more granular visibility into the sequence of events in a flow, thereby enabling you to accurately investigate and rapidly respond to security incidents, or troubleshoot connectivity issues faster.
To get started, you can choose a maximum aggregation interval (also known as capture window) of 1 minute while creating a new flow log using the AWS Management Console, the AWS Command Line Interface (AWS CLI) or the AWS Software Development Kit (AWS SDK). Your flow logs will then be aggregated at intervals of up to 1 minute, before they are processed and published. By default, the maximum aggregation interval is 10 minutes.
There is no additional charge for flow logs with a maximum aggregation interval of 1 minute. Standard rates apply based on your choice of log destination. Learn about the pricing to deliver HAQM VPC flow logs to S3 or CloudWatch Logs here. For more information about HAQM VPC flow logs, please refer to the documentation.