

# What is Traffic Mirroring?


Traffic Mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of type `interface`. You can then send the traffic to out-of-band security and monitoring appliances for:
+ Content inspection
+ Threat monitoring
+ Troubleshooting

The security and monitoring appliances can be deployed as individual instances, or as a fleet of instances behind either a Network Load Balancer or a Gateway Load Balancer with a UDP listener. Traffic Mirroring supports filters and packet truncation, so that you can extract only the traffic of interest, using the monitoring tools of your choice.

## Traffic Mirroring concepts


The following are the key concepts for Traffic Mirroring:
+ **Source** — The network interface to monitor.
+ **Filter** — A set of rules that defines the traffic that is mirrored.
+ **Target** — The destination for mirrored traffic.
+ **Session** — Establishes a relationship between a source, a filter, and a target.

## Work with Traffic Mirroring


You can create, access, and manage your traffic mirror resources using any of the following:
+ **AWS Management Console** — Provides a web interface that you can use to access your traffic mirror resources.
+ **AWS Command Line Interface (AWS CLI)** — Provides commands for a broad set of AWS services, including Amazon VPC. The AWS CLI is supported on Windows, macOS, and Linux. For more information, see [AWS Command Line Interface](https://aws.amazon.com/cli/).
+ **AWS SDKs** — Provide language-specific APIs. The AWS SDKs take care of many of the connection details, such as calculating signatures, handling request retries, and handling errors. For more information, see [AWS SDKs](https://aws.amazon.com/developer/tools/).
+ **Query API** — Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC. However, it requires that your application handle low-level details such as generating the hash to sign the request and handling errors. For more information, see [Amazon VPC actions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/OperationList-query-vpc.html) in the *Amazon EC2 API Reference*.

## Traffic Mirroring benefits


Traffic Mirroring offers the following benefits:
+ **Simplified operation** — Mirror any range of your VPC traffic without having to manage packet forwarding agents on your EC2 instances.
+ **Enhanced security** — Capture packets at the elastic network interface, where capture cannot be disabled or tampered with from user space.
+ **Increased monitoring options** — Send your mirrored traffic to any security device.

## Regional availability


Traffic Mirroring is available in all Regions.

## Supported instance types


Instance types in the following instance families are supported as Traffic Mirroring sources.

### Virtualized instances


Virtualized instance types in the following instance families are supported as Traffic Mirroring sources:
+ **General purpose:** A1 | M4 | M5 | M5a | M5ad | M5d | M5dn | M5n | M5zn | M6a | M6g | M6gd | M6i | M6id | M6idn | M6in | M7a | M7g | M7gd | M7i | M7i-flex | Mac1 | Mac2 | Mac2-m1ultra | Mac2-m2 | Mac2-m2pro | T3 | T3a | T4g
+ **Compute optimized:** C4 | C5 | C5a | C5ad | C5d | C5n | C6a | C6g | C6gd | C6gn | C6i | C6id | C6in | C7a | C7g | C7gd | C7i | C7i-flex
+ **Memory optimized:** R4 | R5 | R5a | R5ad | R5b | R5d | R5dn | R5n | R6a | R6g | R6gd | R6i | R6id | R6idn | R6in | R7a | R7g | R7gd | R7i | R7iz | U-3tb1 | U-6tb1 | U-9tb1 | U-12tb1 | U-18tb1 | U-24tb1 | U7i-6tb | U7i-8tb | U7i-12tb | U7in-16tb | U7in-24tb | U7in-32tb | U7inh-32tb | X1 | X1e | X2gd | X2idn | X2iedn | X2iezn | z1d
+ **Storage optimized:** D2 | D3 | D3en | H1 | I3 | I3en | I4g | I4i | I7i | Im4gn | Is4gen
+ **Accelerated computing:** DL1 | DL2q | F1 | F2 | G3 | G4ad | G4dn | G5 | G5g | G6 | G6e | G6f | Gr6 | Gr6f | Inf1 | Inf2 | P3 | P3dn | P4d | P4de | P5 | P5e | Trn1 | Trn1n | VT1
+ **High-performance computing:** Hpc6a | Hpc6id | Hpc7a

### Bare metal instances


Bare metal instance types in the following instance families are supported as Traffic Mirroring sources:
+ **General purpose:** M5 | M5d | M6g | M6gd | Mac1 | Mac2 | Mac2-m1ultra | Mac2-m2 | Mac2-m2pro | A1
+ **Compute optimized:** C5 | C5d | C6g | C6gd
+ **Memory optimized:** R5 | R5b | R5d | R6g | R6gd | X2gd | z1d
+ **Storage optimized:** I3
+ **Accelerated computing:** G5g
+ **Previous generation:** A1

**Note**  
Only Nitro v2 bare metal instances are supported as Traffic Mirroring sources. Bare metal instances of any other Nitro version are not supported as Traffic Mirroring sources.

## Pricing


You are charged on an hourly basis for each active traffic mirror session. You'll continue to be charged for Traffic Mirroring until you [delete all active traffic mirror sessions](create-traffic-mirroring-session.md). For example, you'll still be charged in the following scenarios:
+ You detached the network interface from the mirror source
+ You stopped or terminated the mirror source
+ You changed the instance type of the mirror source to an unsupported instance type

[Data transfer charges apply](https://docs.aws.amazon.com/cur/latest/userguide/cur-data-transfers-charges.html). If your traffic mirroring targets are behind a Gateway Load Balancer or Network Load Balancer, data processing charges for the load balancing service also apply.

For information about pricing for Traffic Mirroring, see **Network Analysis** on the [Amazon VPC pricing](https://aws.amazon.com/vpc/pricing/) page.
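
The billing scenarios listed above can be checked by cross-referencing each session's source interface against its attachment and instance state. The following is an added example, not part of the original AWS documentation: it takes dictionaries shaped like the EC2 `DescribeTrafficMirrorSessions`, `DescribeNetworkInterfaces`, and `DescribeInstances` responses and reports sessions that are still billed although the source no longer qualifies. The function name, the `SUPPORTED_FAMILIES` subset, and all resource IDs are assumptions constructed for illustration.

```python
# Added example (not AWS code). Inputs are dicts shaped like the EC2
# DescribeTrafficMirrorSessions, DescribeNetworkInterfaces and
# DescribeInstances responses; every ID below is constructed sample data.

# Assumption: a subset of the supported virtualized families listed on this page.
SUPPORTED_FAMILIES = {"m5", "c5", "r5", "t3", "m6i", "c6i"}
STOPPED_STATES = {"stopping", "stopped", "shutting-down", "terminated"}

def orphaned_sessions(sessions, interfaces, instances, supported=SUPPORTED_FAMILIES):
    """Return {session_id: reason} for sessions that match a billing scenario."""
    enis = {e["NetworkInterfaceId"]: e for e in interfaces["NetworkInterfaces"]}
    insts = {i["InstanceId"]: i
             for r in instances["Reservations"] for i in r["Instances"]}
    findings = {}
    for s in sessions["TrafficMirrorSessions"]:
        sid, eni = s["TrafficMirrorSessionId"], enis.get(s["NetworkInterfaceId"])
        if eni is None:  # interface is absent from the describe output
            findings[sid] = "source interface no longer exists"
        elif eni.get("Status") != "in-use":
            findings[sid] = "source interface is detached"
        else:
            inst = insts.get(eni.get("Attachment", {}).get("InstanceId"))
            family = inst["InstanceType"].split(".")[0].lower() if inst else None
            if inst is None:
                findings[sid] = "source instance not found"
            elif inst["State"]["Name"] in STOPPED_STATES:
                findings[sid] = f"source instance is {inst['State']['Name']}"
            elif family not in supported:
                findings[sid] = f"instance family {family} is not a supported source"
    return findings

SAMPLE_SESSIONS = {"TrafficMirrorSessions": [
    {"TrafficMirrorSessionId": f"tms-{n}", "NetworkInterfaceId": f"eni-{n}"}
    for n in ("0a", "0b", "0c", "0d", "0e")]}
SAMPLE_ENIS = {"NetworkInterfaces": [  # eni-0e is deliberately absent
    {"NetworkInterfaceId": "eni-0a", "Status": "in-use", "Attachment": {"InstanceId": "i-0a"}},
    {"NetworkInterfaceId": "eni-0b", "Status": "available"},
    {"NetworkInterfaceId": "eni-0c", "Status": "in-use", "Attachment": {"InstanceId": "i-0c"}},
    {"NetworkInterfaceId": "eni-0d", "Status": "in-use", "Attachment": {"InstanceId": "i-0d"}},
]}
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0a", "InstanceType": "m5.large", "State": {"Name": "running"}},
    {"InstanceId": "i-0c", "InstanceType": "c5.xlarge", "State": {"Name": "stopped"}},
    {"InstanceId": "i-0d", "InstanceType": "t2.micro", "State": {"Name": "running"}},
]}]}

if __name__ == "__main__":
    for sid, why in orphaned_sessions(SAMPLE_SESSIONS, SAMPLE_ENIS, SAMPLE_INSTANCES).items():
        print(sid, "->", why)
```

Sessions reported by the check keep accruing hourly charges until they are deleted; pass the full family list from this page as `supported` for a complete audit.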