Identifying IP Addresses with Flurry of Requests

The best option to zero in on the IP addresses which are receiving a flurry of requests on an EC2 instance is to use VPC Flow logs.

VPC Flow logs capture information about the IP traffic going to and from network interfaces in an Amazon VPC. This includes details such as the source and destination IP addresses, port numbers, protocols, and packet and byte counts. By analyzing VPC flow logs, you can gain visibility into the traffic flowing in and out of your VPC and understand what's happening with your network traffic.

To use VPC flow logs to get the IP addresses accessing the EC2 instances, you can follow these steps:

1. Go to the Amazon VPC console and select the VPC that contains your EC2 instances.
2. Click on the "Flow Logs" tab and then click on the "Create Flow Log" button.
3. Specify the details for the flow log, such as the traffic type and destination (e.g., Amazon S3 bucket or Amazon CloudWatch Logs), and then click "Create".
4. Once the flow log is created, you can access it to view the details of the traffic flowing in and out of your VPC.

Using AWS CloudTrail, AWS Config, or AWS Trusted Advisor will not provide you with the IP addresses accessing the EC2 instances. AWS CloudTrail provides a record of actions taken by a user, role, or AWS service in AWS, whereas AWS Config provides a detailed inventory of your AWS resources and their configuration history. AWS Trusted Advisor is a tool that helps you optimize your AWS infrastructure, identify security risks, and reduce costs. However, none of these services are designed to provide the level of detail needed to zero in on the IP addresses causing issues on an EC2 instance.