AWS Cloud Observability

Kentik ingests three core telemetry types from AWS: VPC flow logs (and Transit Gateway flow logs and Network Firewall logs), AWS metadata via API (VPCs, subnets, availability zones, security groups, route tables, gateways, Transit Gateways, and other infrastructure context), and metrics from connectivity services including AWS Direct Connect, AWS VPN, Transit Gateway, and PrivateLink. Together, these provide complete visibility into traffic patterns, topology, and performance across AWS environments. For Amazon EKS, Kentik also supports the eBPF-based Kentik Kappa agent for pod-level Kubernetes traffic visibility.

Kentik is delivered as SaaS, so there’s no on-premises infrastructure to deploy. AWS setup involves three steps: enable VPC and Transit Gateway flow logs to a dedicated S3 bucket, create an IAM role granting Kentik read access to the bucket and AWS APIs, and configure a “cloud export” in the Kentik portal that connects to your AWS environment. Setup can be done manually or automated with the Kentik Terraform provider. Kentik is also available on the AWS Marketplace for procurement and billing through your existing AWS contract.

Kentik ingests Transit Gateway flow logs alongside VPC flow logs to provide unified visibility into traffic between VPCs, on-premises networks, and external destinations. For Direct Connect, Kentik collects connectivity metrics that show utilization, performance, and traffic distribution across each Direct Connect connection. The combination lets teams trace traffic end-to-end — from on-premises through Direct Connect, into the Transit Gateway, and across VPCs — in a single view, with the AWS metadata context that explains which resources are involved at each hop.

Inter-AZ and inter-region monitoring requires correlating VPC flow logs with AWS metadata (which AZs and regions each resource belongs to) and synthetic tests between locations. Kentik supports this by automatically tagging flow records with AZ and region information from AWS APIs, surfacing inter-AZ and inter-region traffic patterns in the Kentik Map, and running synthetic tests from agents deployed in different AWS regions to measure latency, loss, and reachability between them. This makes it possible to detect performance regressions on specific paths and attribute the cost of cross-AZ or cross-region data transfer to specific applications or business units.

AWS data transfer charges accumulate from inter-AZ traffic, cross-region replication, NAT Gateway processing, and egress to the internet — and most teams have limited visibility into which applications and traffic flows are driving the cost. Kentik analyzes VPC and Transit Gateway flow logs to surface the highest-cost flows, attribute traffic to specific VPCs, services, or business units, and identify suboptimal routing decisions (for example, traffic crossing AZs unnecessarily, or egressing through a more expensive path than needed). Teams use this data to optimize architecture, negotiate Direct Connect or AWS pricing with evidence, and reduce monthly data transfer spend.

For Amazon EKS, Kentik provides pod-level network visibility through the Kentik Kappa agent, an eBPF-based agent that captures container traffic without sidecar deployment overhead. Kappa surfaces pod-to-pod and pod-to-service traffic, including key performance indicators like retransmit rate and out-of-order packet rate, and correlates that traffic with the underlying VPC and AWS infrastructure context. This makes it possible to investigate microservice performance issues at both the Kubernetes layer and the AWS network layer in a single platform — useful when EKS performance problems turn out to have causes in VPC routing, security group rules, or cloud network paths.

ffective correlation requires both data sources to live in environments that share time-aligned context — typically by integrating an APM platform (Datadog, New Relic, Dynatrace) that captures application metrics with a network intelligence platform that captures cloud network telemetry, BGP routing, and synthetic measurements. Kentik supports this by ingesting AWS flow logs, AWS metadata, and synthetic test data, then exposing the results through APIs and integrations that connect with major APM platforms — letting application teams trace performance issues from service symptoms back to AWS network root causes.

AWS CloudWatch and AWS native monitoring (VPC Flow Logs in CloudWatch, AWS Network Manager, Reachability Analyzer) are essential for AWS-specific operational visibility, but they’re scoped to AWS itself. Kentik complements AWS native tooling by providing cross-environment analytics — correlating AWS traffic with on-premises NetFlow, multi-cloud telemetry from Azure and GCP, BGP routing, and internet path data — and by adding capabilities AWS native tools don’t provide, including ingest-time enrichment with BGP and AS path metadata, flow-level forensics across hybrid environments, cloud egress cost analytics, and AI-driven investigation through Kentik AI Advisor. Most teams use both: AWS native tools for AWS-specific operations and Kentik for the cross-environment network intelligence that AWS native tools weren’t designed to deliver.

For more detail, see our article, CloudWatch Alternatives: Enhancing Multicloud Network Observability.