US 11,659,004 B2
Networking flow logs for multi-tenant environments
Rajat Banerjee, Arlington, VA (US); Nathan Andrew Miller, Seattle, WA (US); Aniket Deepak Divecha, Seattle, WA (US); John Robert Kerl, Reston, VA (US); Mingxue Zhao, Seattle, WA (US); Shuai Ye, Herndon, VA (US); and Kevin Christopher Miller, Herndon, VA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Nov. 4, 2019, as Appl. No. 16/673,696.
Application 16/673,696 is a continuation of application No. 16/193,876, filed on Nov. 16, 2018, granted, now 10,469,536.
Application 16/193,876 is a continuation of application No. 15/605,194, filed on May 25, 2017, granted, now 10,187,427, issued on Jan. 22, 2019.
Application 15/605,194 is a continuation of application No. 14/673,516, filed on Mar. 30, 2015, granted, now 9,667,656, issued on May 30, 2017.
Prior Publication US 2020/0220900 A1, Jul. 9, 2020
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01); H04L 43/067 (2022.01); H04L 43/0876 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 43/067 (2013.01); H04L 43/0876 (2013.01); H04L 63/0227 (2013.01); H04L 63/0245 (2013.01); H04L 63/1408 (2013.01)]
23 Claims
 
1. A computer-implemented method, comprising:
provisioning a plurality of virtual machine instances in a virtual network hosted by a computing resource service provider, wherein the plurality of virtual machine instances is associated with a customer of the computing resource service provider;
identifying, based at least in part on an application programming interface (API) request by the customer, a subnet of the virtual network comprising a virtual machine instance of the plurality of virtual machine instances;
logging outgoing network traffic for the subnet by capturing information about outgoing Internet Protocol (IP) traffic going from the virtual machine instance of the subnet;
filtering, by a firewall, based at least in part on a security policy associated with the subnet, incoming network traffic to the virtual machine instance of the subnet;
causing, based at least in part on the logging of the outgoing network traffic and the filtering of the incoming network traffic, network log information associated with the virtual machine instance of the subnet to be filtered and generated, wherein the network log information includes at least a timestamp, a source IP address, and a destination IP address; and
exporting the network log information to a destination accessible to the customer.
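The claim above describes one pipeline: a subnet is selected, its outgoing IP traffic is captured, its incoming traffic is passed through a firewall policy, and the combined result is emitted as log records carrying at least a timestamp, source IP and destination IP, which are then exported for the customer. The Python below is an added illustration of that pipeline, not the patent's or Amazon's implementation: the subnet, the security policy, the `Packet` events and every address in `SAMPLE_PACKETS` are constructed for the example, and the record layout is an assumption chosen to keep the three mandatory fields visible. It also adds a small consumer-side check (`rejected_sources`) to show why a defender wants the REJECT decisions in the same log as the accepted flows.

```python
"""Toy flow-log pipeline for one subnet of a multi-tenant virtual network.

Added example; subnet, policy and traffic are constructed, not captured.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    ts: int       # Unix epoch seconds
    src: str      # source IP address
    dst: str      # destination IP address
    dport: int    # destination port
    proto: str    # "tcp" or "udp"


@dataclass(frozen=True)
class SecurityPolicy:
    """Inbound rules for the subnet: (proto, port) pairs the firewall admits."""
    allowed_inbound: frozenset


# Constructed subnet and policy (hypothetical values for the example).
SUBNET = ip_network("10.0.1.0/24")
POLICY = SecurityPolicy(frozenset({("tcp", 443), ("tcp", 22)}))

# Constructed traffic sample; all addresses are documentation/private ranges.
SAMPLE_PACKETS = [
    Packet(1700000000, "10.0.1.10", "198.51.100.50", 443, "tcp"),  # egress
    Packet(1700000001, "203.0.113.7", "10.0.1.10", 443, "tcp"),    # ingress, allowed
    Packet(1700000002, "203.0.113.7", "10.0.1.10", 3389, "tcp"),   # ingress, denied
    Packet(1700000003, "203.0.113.7", "10.0.1.11", 8080, "tcp"),   # ingress, denied
    Packet(1700000004, "198.51.100.2", "10.0.1.12", 22, "tcp"),    # ingress, allowed
    Packet(1700000005, "10.0.1.10", "10.0.1.11", 80, "tcp"),       # intra-subnet, not logged here
    Packet(1700000006, "203.0.113.7", "10.0.2.5", 443, "tcp"),     # other subnet, not logged here
]


def classify(pkt, subnet):
    """Return 'egress', 'ingress', or None for traffic not crossing the subnet edge."""
    src_in = ip_address(pkt.src) in subnet
    dst_in = ip_address(pkt.dst) in subnet
    if src_in and not dst_in:
        return "egress"
    if dst_in and not src_in:
        return "ingress"
    return None


def flow_log_records(packets, subnet, policy):
    """Capture outgoing traffic as-is, filter incoming traffic by policy, emit log records."""
    records = []
    for p in packets:
        direction = classify(p, subnet)
        if direction == "egress":
            action = "ACCEPT"                      # outgoing traffic is logged, not filtered
        elif direction == "ingress":
            allowed = (p.proto, p.dport) in policy.allowed_inbound
            action = "ACCEPT" if allowed else "REJECT"
        else:
            continue
        records.append({
            "timestamp": p.ts,                     # the three fields the claim requires...
            "src_ip": p.src,
            "dst_ip": p.dst,
            "dst_port": p.dport,                   # ...plus assumed extras for analysis
            "protocol": p.proto,
            "direction": direction,
            "action": action,
        })
    return records


def export(records):
    """Serialize records as space-separated lines for delivery to the customer's destination."""
    return "\n".join(
        f"{r['timestamp']} {r['src_ip']} {r['dst_ip']} {r['dst_port']} {r['protocol']} {r['action']}"
        for r in records
    )


def rejected_sources(records, threshold):
    """Consumer-side check: sources whose inbound flows were rejected at least `threshold` times."""
    counts = Counter(r["src_ip"] for r in records if r["action"] == "REJECT")
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    recs = flow_log_records(SAMPLE_PACKETS, SUBNET, POLICY)
    print(export(recs))
    print("repeatedly rejected sources:", rejected_sources(recs, 2))
```

The firewall decision is attached to each inbound record rather than dropping rejected flows silently; that is what lets the exported log answer both "what left this subnet" and "who kept knocking on closed ports", which is the operational value of pairing the logging step with the filtering step in the claim.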