
I am kinda new to Operations. We are currently able to log outgoing TCP connections initiated by Lambda functions passing through a NAT Gateway. However, we also need to be able to log outbound HTTP traffic. Since, according to my understanding, both the NAT Gateway and Network Firewall are layer 4 devices, I believe there is no way they can help us log layer 7 traffic.

What is the recommended way to log outgoing HTTP traffic passing through a NAT gateway?

  • I think I have found an AWS feature that might help me log egress HTTP traffic: Traffic Mirroring, which allows mirroring traffic from an Elastic Network Interface and sending it to a Network Load Balancer / EC2 instance for traffic analysis using a tool like Suricata, which, in turn, makes it possible to identify and log HTTP sessions. The problem is that Traffic Mirroring doesn't allow using a NAT Gateway's ENI as a traffic source for some reason, so I still don't have the whole solution to this requirement. – Luis Fernández Aug 16 '22 at 21:53
  • What do you want to log exactly? Any logs (VPC Flow Logs, for example) collected by the L4 devices would include the L7 traffic in them; you just won't be able to tell the HTTP traffic apart from normal TCP. – Dan Feb 15 '23 at 19:52
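To make Dan's point concrete, here is an added example (not from the question or the comments) that parses a few constructed VPC Flow Log records in the default version-2 format and summarises the outbound TCP flows leaving the VPC. It assumes the flow logs were captured on the Lambda functions' ENI and that the VPC CIDR is 10.0.0.0/16; the account id, ENI id and addresses are made-up placeholders. The only "HTTP" signal it can extract is a port-based guess, because a flow record carries no method, host or URL.

```python
import ipaddress
from collections import Counter

# Constructed sample VPC Flow Log records (default version-2 format):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
# Account id, ENI id and addresses below are placeholders, not real values.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0123456789abcdef0 10.0.1.25 203.0.113.10 49152 443 6 12 2460 1676490000 1676490060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.1.25 203.0.113.10 49153 80 6 8 1120 1676490001 1676490061 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.1.26 10.0.2.10 49154 5432 6 30 9000 1676490002 1676490062 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.1.25 198.51.100.7 49155 8080 6 5 700 1676490003 1676490063 REJECT OK
2 123456789012 eni-0123456789abcdef0 10.0.1.27 192.0.2.53 53000 53 17 2 200 1676490004 1676490064 ACCEPT OK
"""

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Port-based hint only: flow logs contain no HTTP method, host or URL,
# so "http?" means "a TCP flow to a port commonly used for HTTP".
PORT_HINT = {80: "http?", 443: "https?", 8080: "http?"}


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts; skip NODATA/SKIPDATA rows."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def egress_summary(records, vpc_cidr):
    """Count TCP flows from the VPC to the internet, keyed by dst, port, hint, action."""
    vpc = ipaddress.ip_network(vpc_cidr)
    counts = Counter()
    for r in records:
        src, dst = ipaddress.ip_address(r["srcaddr"]), ipaddress.ip_address(r["dstaddr"])
        if src not in vpc or dst in vpc or r["protocol"] != 6:
            continue  # keep only VPC -> outside, TCP (protocol 6)
        hint = PORT_HINT.get(r["dstport"], "tcp")
        counts[(r["dstaddr"], r["dstport"], hint, r["action"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in egress_summary(parse_flow_log(SAMPLE_FLOW_LOG), "10.0.0.0/16").items():
        print(n, *key)
```

Anything beyond the destination, port and accept/reject verdict (the request line, Host header or TLS SNI) requires a layer 7 vantage point such as a mirrored packet stream or a proxy in the egress path.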

0 Answers