I am reading AWS VPC Flow Logs data (published to S3) which has the internal IPs of interfaces.
We can create flow logs for network interfaces that are created by other AWS services, such as:
Elastic Load Balancing
Amazon RDS
Amazon ElastiCache
Amazon Redshift
Amazon WorkSpaces
NAT gateways
Transit gateways, etc.
How can we get the type of service used in a Flow Log record?
In the describe-network-interfaces response:

```json
"InterfaceType": "interface",
"Ipv6Addresses": [],
"MacAddress": "0e:fa:f9:2d:95:8e",
"NetworkInterfaceId": "eni-02eb12a4080c84b00",
"OwnerId": "123412341234",
"PrivateDnsName": "ip-10-3-1-44.ec2.internal",
"PrivateIpAddress": "10.3.1.44",
```
I thought of using the PrivateDnsName suffix, but it takes the form ip-private-ipv4-address.ec2.internal for the us-east-1 Region and ip-private-ipv4-address.region.compute.internal for other Regions, and it looks like it is the same for all AWS services.
Is there any way to get the AWS service type from a private IP address?
While creating flow logs you can use a custom format (below are all the fields):

```
${dstaddr} ${dstport} ${end} ${flow-direction} ${instance-id} ${interface-id} ${log-status} ${packets} ${pkt-dst-aws-service} ${pkt-dstaddr} ${pkt-src-aws-service} ${pkt-srcaddr} ${protocol} ${region} ${srcaddr} ${srcport} ${start} ${sublocation-id} ${sublocation-type} ${subnet-id} ${tcp-flags} ${traffic-path} ${type} ${version} ${vpc-id}
```

Out of these, 2 fields, `${pkt-src-aws-service}` and `${pkt-dst-aws-service}`, are of interest to you; they provide the AWS service. Refer to this AWS doc.
I verified this with S3: when EC2 communicates with S3 we get the service tag s3 with the relevant flow.
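Added example (not code from the question or the answer above): a parser for records written with the custom format above that uses `${pkt-src-aws-service}` / `${pkt-dst-aws-service}` to summarise which AWS service each interface talked to, skipping NODATA/SKIPDATA records. The interface, instance, subnet and VPC IDs, addresses and timestamps in the sample records are constructed and hypothetical.

```python
from collections import Counter

# Custom log-format string used when the flow log was created. Records are
# space-separated values in exactly this order, so the format string doubles
# as the parsing schema.
LOG_FORMAT = (
    "${dstaddr} ${dstport} ${end} ${flow-direction} ${instance-id} ${interface-id} "
    "${log-status} ${packets} ${pkt-dst-aws-service} ${pkt-dstaddr} "
    "${pkt-src-aws-service} ${pkt-srcaddr} ${protocol} ${region} ${srcaddr} "
    "${srcport} ${start} ${sublocation-id} ${sublocation-type} ${subnet-id} "
    "${tcp-flags} ${traffic-path} ${type} ${version} ${vpc-id}"
)
FIELDS = [f[2:-1] for f in LOG_FORMAT.split()]  # "${srcaddr}" -> "srcaddr"

# Constructed sample records (not real traffic); all IDs/addresses hypothetical.
SAMPLE_RECORDS = [
    # egress from an EC2 instance to S3: pkt-dst-aws-service is populated
    "52.216.1.10 443 1700000060 egress i-0123456789abcdef0 eni-0123456789abcdef0 OK 12 "
    "S3 52.216.1.10 - 10.3.1.44 6 us-east-1 10.3.1.44 49152 1700000000 - - "
    "subnet-0123456789abcdef0 2 8 IPv4 5 vpc-0123456789abcdef0",
    # ingress from another host in the VPC: no AWS service on either side
    "10.3.1.44 22 1700000120 ingress i-0123456789abcdef0 eni-0123456789abcdef0 OK 8 "
    "- 10.3.1.44 - 10.3.2.7 6 us-east-1 10.3.2.7 51000 1700000100 - - "
    "subnet-0123456789abcdef0 2 1 IPv4 5 vpc-0123456789abcdef0",
    # no traffic in the window: must be skipped, not counted as a flow
    "- - 1700000180 - i-0123456789abcdef0 eni-0123456789abcdef0 NODATA - "
    "- - - - - us-east-1 - - 1700000160 - - "
    "subnet-0123456789abcdef0 - - - 5 vpc-0123456789abcdef0",
]

def parse_record(line):
    """Map one record onto the field names; a "-" value means not applicable."""
    values = line.split()
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    return {k: (None if v == "-" else v) for k, v in zip(FIELDS, values)}

def service_summary(lines):
    """Count accepted flows per (interface-id, remote AWS service).
    For egress the remote side is pkt-dst-aws-service, for ingress it is
    pkt-src-aws-service; flows without a service are tagged NO_SERVICE."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec["log-status"] != "OK":  # NODATA / SKIPDATA carry no flow
            continue
        if rec["flow-direction"] == "egress":
            remote = rec["pkt-dst-aws-service"]
        else:
            remote = rec["pkt-src-aws-service"]
        counts[(rec["interface-id"], remote or "NO_SERVICE")] += 1
    return counts
```

Point the same parser at the records downloaded from your S3 bucket, keeping LOG_FORMAT identical to the format string you passed when creating the flow log.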