Securing Amazon EC2 Instances - Controlling Internal (Administration) Connectivity

Working With EC2 Connectivity Solutions


Among the most important tasks server admins perform is monitoring. Although most of that monitoring is fed by system logs, it's also critical to keep watch at the network layer. So Amazon's VPC Flow Logs can play important roles in your overall security.

Flow logs are associated with network interfaces, so you access them within the EC2 environment in the network interfaces menu. Select an existing interface and then the Flow Logs tab. Hit the Create flow log button and define your flow. The configuration options will include deciding whether to have your logs saved to CloudWatch or to an S3 bucket. You can create flow logs that report on traffic going through the network interface attached to a single instance, or through all the interfaces within an entire subnet.
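Once a flow log is landing in CloudWatch or S3, the records themselves are plain space-separated text in the default (version 2) format, so a small parser is enough to turn them into the kind of alert the clip is describing. The script below is an added example, not part of the course material or any AWS tooling: it parses constructed flow log records, skips NODATA/SKIPDATA records (whose traffic fields are `-`), and counts rejected TCP connection attempts to the administration ports you would normally keep closed to the internet. The sample records, the interface id, the account id and the choice of ports 22 and 3389 are all assumptions made up for the example.

```python
"""Parse VPC Flow Log records (default v2 format) and flag rejected
connection attempts against administrative ports.

Added example with constructed sample data; not course or AWS code.
"""
from collections import Counter

# Field order of the default flow log record format (version 2).
FIELDS = (
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
)

# Assumption: the ports we treat as "administrative" for this example.
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
TCP = 6  # IANA protocol number carried in the "protocol" field

# Constructed sample records (documentation IP ranges, fake ids).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 51234 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 51235 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 51236 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.20 40000 3389 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.5 10.0.1.20 55000 22 6 20 3120 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 51237 443 6 5 600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line):
    """Split one flow log line into a dict keyed by FIELDS.

    Records whose log_status is not OK (NODATA, SKIPDATA) carry '-' in the
    traffic fields, so only their metadata is returned and the numeric
    conversion is skipped.
    """
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return {
            "interface_id": rec["interface_id"],
            "log_status": rec["log_status"],
            "action": None,
        }
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec


def rejected_admin_attempts(lines, admin_ports=ADMIN_PORTS):
    """Count REJECT records per (source address, destination port).

    Only TCP traffic to the configured administrative ports is counted;
    blank lines and a possible 'version ...' header line are ignored.
    """
    counts = Counter()
    for line in lines:
        if not line.strip() or line.startswith("version"):
            continue
        rec = parse_record(line)
        if (rec["action"] == "REJECT"
                and rec["protocol"] == TCP
                and rec["dstport"] in admin_ports):
            counts[(rec["srcaddr"], rec["dstport"])] += 1
    return counts


def summarize(counts, threshold=3, admin_ports=ADMIN_PORTS):
    """Return sources that hit an admin port at least `threshold` times,
    most active first, as (srcaddr, service name, count) tuples."""
    hits = [
        (src, admin_ports[port], n)
        for (src, port), n in counts.items()
        if n >= threshold
    ]
    return sorted(hits, key=lambda h: (-h[2], h[0]))


if __name__ == "__main__":
    totals = rejected_admin_attempts(SAMPLE_LOG.splitlines())
    for src, service, n in summarize(totals):
        print(f"{src} made {n} rejected {service} attempts")
```

In practice the same parser can be pointed at records exported from S3 or at a CloudWatch Logs query result; the threshold and the port list are the knobs you would tune to the security group policy of the interface the flow log belongs to.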

AWS also provides us with tools for managing our instances without having to log in the normal way. Some metrics are available through the Monitoring tab in the Instances dashboard. Those include data on CPU, status, network, and disk reads and writes. But don't expect to see anything covering memory here. Nothing much is going on with this instance right now, though.

Beyond that, though, there are the options provided through the Session Manager. From the instance dashboard, select an instance and click Connect. That'll take you to a menu with four options. EC2 Instance Connect will instantly give you a live terminal shell session. No need to mess with passwords or even keys. I'll exit the shell. The Session Manager would, if I had installed the agent and created an appropriate IAM profile, permit the key-less access we discussed in the previous clip. The SSH client tab gives us instructions for creating a traditional SSH connection from a local machine. And the EC2 serial console would, if I had authorized access, give me a simulation of a direct serial connection to my instance. This could be useful for emulating older hardware operations.

The EC2 Run Command tool can help you automate the execution of common operations on multiple EC2 instances in one go. You get to Run Command from the Systems Manager dashboard. You'll find the Run Command menu item under Node Management. There are currently a hundred or so pre-built commands to choose from. Clicking on a command will let you input specific command parameters.

We'll make one more stop before bringing the course to an end, and that's AWS Security Hub. Security Hub is a single service that coordinates a number of other security-focused services. The goal is to establish an automated protocol of ongoing monitoring and alerting actions. With reliable and proactive alerts, you're much more likely to catch problems early and prevent others from hitting in the first place.

When you activate Security Hub, it'll run security checks against all the services and resources you've got within your account. If any vulnerability or failure to meet a best-practice standard is detected, you'll find out or, in some cases, the problem will be resolved automatically.

 
