Setting up AWS VPC Flow Logs to capture information about IP traffic going to and from network interfaces in a VPC → enables alerting, source IP and port checks, and ad hoc queries.
Within a VPC we have a subnet, and within that an EC2 instance inside a security group. Traffic is captured at the instance's elastic network interface (ENI) and shipped to VPC Flow Logs, which then send the data either to an S3 bucket for querying with Athena, or to CloudWatch, which can process events into CloudWatch Alarm → SNS → email → user.