Mirroring Traffic from an AWS ALB works by deploying a lambda to continually monitoring the target group for an AWS NLB and for each ec2 instance of the target group, an additional interface is added, and that interface sends a copy of the traffic to our service to be analyzed. When instances are added to the NLBs target group, in response to autoscaling or any other necessity, the lambda will detect the new instances and add the additional interface to support mirroring.
Not all instance type support traffic mirroring:
Traffic Mirroring is not available on the following virtualized Nitro instance types:
General purpose: M6a, M6i, M6in, M7g
Compute optimized: C6a, C6gn, C6i, C6id, C6in, C7g, Hpc6a
Memory optimized: R6a, R6i, R6id, R6idn, R6in, R7g, R7iz, X2idn, X2iedn, X2iezn
Storage optimized: I4g, I4i, Im4gn, Is4gen
Accelerated computing: Inf2, Trn1
Traffic Mirroring is not available on bare metal instances.
Traffic Mirroring is available only on the following non-Nitro instances types: C4, D2, G3, G3s, H1, I3, M4, P2, P3, R4, X1, and X1e. Note that this does not include T2 instances.