Query flow logs using Amazon Athena

Amazon Athena is an interactive query service that enables you to analyze data in Amazon S3, such as your flow logs, using standard SQL. You can use Athena with VPC Flow Logs to quickly get actionable insights about the traffic flowing through your VPC. For example, you can identify which resources in your virtual private clouds (VPCs) are the top talkers or identify the IP addresses with the most rejected TCP connections.

Options

You can streamline and automate the integration of your VPC flow logs with Athena by generating a CloudFormation template that creates the required Amazon resources and predefined queries that you can run to obtain insights about the traffic flowing through your VPC.
You can create your own queries using Athena. For more information, see Query flow logs using Amazon Athena in the Amazon Athena User Guide.

Pricing

You incur standard Amazon Athena charges for running queries. You incur standard Amazon Lambda charges for the Lambda function that loads new partitions on a recurring schedule (when you specify a partition load frequency but do not specify a start and end date.)

To use the predefined queries

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Create a flow log that publishes to Amazon Data Firehose

Generate the CloudFormation template using the console