AWS ALB vTap

Mirroring traffic from an AWS ALB works by deploying a Lambda function that continually monitors the ALB's target group. For each EC2 instance in the target group, an additional interface is added, and that interface sends a copy of the traffic to our service to be analyzed. When instances are added to the ALB's target group, in response to autoscaling or for any other reason, the Lambda will detect the new instances and add the additional interface to support mirroring.

 

Not all instance types support traffic mirroring:

  • Traffic Mirroring is not available on the following virtualized Nitro instance types:

    • General purpose: M6a, M6i, M6in, M7g

    • Compute optimized: C6a, C6gn, C6i, C6id, C6in, C7g, Hpc6a

    • Memory optimized: R6a, R6i, R6id, R6idn, R6in, R7g, R7iz, X2idn, X2iedn, X2iezn

    • Storage optimized: I4g, I4i, Im4gn, Is4gen

    • Accelerated computing: Inf2, Trn1

  • Traffic Mirroring is not available on bare metal instances.

  • Traffic Mirroring is available only on the following non-Nitro instance types: C4, D2, G3, G3s, H1, I3, M4, P2, P3, R4, X1, and X1e. Note that this does not include T2 instances.
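The rules above can be applied to a target group's inventory before deployment to find instances whose traffic would not be mirrored and would therefore go unanalyzed. This is an added example, not code from the product: the function names are hypothetical, the sample inventory is constructed, and it assumes `hypervisor` and `bare_metal` are the `Hypervisor` and `BareMetal` values that EC2 DescribeInstanceTypes reports for each type.

```python
# Families copied from the lists above, lower-cased.
NITRO_UNSUPPORTED = set(
    "m6a m6i m6in m7g c6a c6gn c6i c6id c6in c7g hpc6a r6a r6i r6id r6idn r6in "
    "r7g r7iz x2idn x2iedn x2iezn i4g i4i im4gn is4gen inf2 trn1".split()
)
NON_NITRO_SUPPORTED = set("c4 d2 g3 g3s h1 i3 m4 p2 p3 r4 x1 x1e".split())


def mirroring_status(instance_type, hypervisor, bare_metal):
    """Return (supported, reason) for one instance type.

    Assumption: hypervisor / bare_metal come from DescribeInstanceTypes.
    """
    family = instance_type.lower().split(".", 1)[0]
    # Bare metal is checked first: i3 is on the non-Nitro allow list,
    # but i3.metal is still bare metal and therefore excluded.
    if bare_metal:
        return False, "bare metal"
    if hypervisor == "nitro":
        if family in NITRO_UNSUPPORTED:
            return False, f"Nitro family {family} is excluded"
        return True, "Nitro"
    if family in NON_NITRO_SUPPORTED:
        return True, f"non-Nitro family {family} is allowed"
    return False, f"non-Nitro family {family} is not allowed"


def coverage_gaps(targets):
    """Map instance id -> reason for every target that cannot be mirrored."""
    gaps = {}
    for t in targets:
        ok, reason = mirroring_status(t["type"], t["hypervisor"], t["bare_metal"])
        if not ok:
            gaps[t["id"]] = f'{t["type"]}: {reason}'
    return gaps


# Constructed sample inventory (instance ids are placeholders).
SAMPLE_TARGETS = [
    {"id": "i-0aaa", "type": "m5.large", "hypervisor": "nitro", "bare_metal": False},
    {"id": "i-0bbb", "type": "m6i.xlarge", "hypervisor": "nitro", "bare_metal": False},
    {"id": "i-0ccc", "type": "t2.micro", "hypervisor": "xen", "bare_metal": False},
    {"id": "i-0ddd", "type": "m4.large", "hypervisor": "xen", "bare_metal": False},
    {"id": "i-0eee", "type": "i3.metal", "hypervisor": None, "bare_metal": True},
]

if __name__ == "__main__":
    for instance_id, why in coverage_gaps(SAMPLE_TARGETS).items():
        print(instance_id, why)
```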