VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. You can publish the flow log data directly to Amazon CloudWatch. The flow log data is published to a log group, and each network interface has a unique log stream in that log group.
In this hands-on guide, we will set up and use VPC Flow Logs and publish the data to Amazon CloudWatch.
Create a CloudWatch Log Group
1- Open the CloudWatch console.
2- In the navigation pane, choose Log groups and then choose Create log group.
3- Enter a name for the log group, and then choose Create.
Create an IAM role
1- Navigate to the IAM console and create a role for the EC2 service.
2- Enter the role name and choose Create role.
3- Open the role and attach the inline policy below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:CreateLogGroup",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}
4- Open the Trust relationships tab, choose Edit trust relationship and paste the policy below, which allows the VPC Flow Logs service to assume the role:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "vpc-flow-logs.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Create VPC Flow Logs
1- Open the Amazon VPC console.
2- Select your VPC and then choose Create flow log.
3- Configure the flow log:
- (Optional) For Name, enter a name or leave it blank
- For Filter, specify the type of traffic to log. Choose All to log accepted and rejected traffic, Reject to log only rejected traffic, or Accept to log only accepted traffic.
- For Maximum aggregation interval, choose the maximum period of time during which a flow is captured and aggregated into one flow log record.
- For Destination, choose Send to CloudWatch Logs.
- For Destination log group, choose the name of the destination log group that you created in the first step.
- For IAM role, specify the name of the role that you created in the second step.
- For Log record format, choose AWS default format.
- Choose Create flow log.
4- Wait a few minutes, open the CloudWatch console and choose the log group that you created. You will see a log stream per network interface containing the captured traffic.
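Once records arrive in the log stream, the default log record format is space-separated text. The parser below is an added example (not part of this guide) that reads records in that default format, tolerates the NODATA/SKIPDATA lines whose fields are dashes, and counts rejected flows per source address, which is a common first check when triaging a log group. The sample records, account id, ENI id and addresses are constructed.

```python
"""Parse AWS default-format (version 2) VPC Flow Log records and count
rejected flows per source address. Added example, not part of the guide;
the sample records are constructed (made-up account, ENI and addresses)."""
from collections import Counter

# Field order of the AWS default flow log record format (version 2).
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
NUMERIC = {"version", "srcport", "dstport", "protocol", "packets", "bytes",
           "start", "end"}

# Constructed sample of lines as they would appear in the ENI's log stream.
SAMPLE_LOG = """\
2 123456789012 eni-0abc123def456789a 198.51.100.7 10.0.1.23 44312 22 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0abc123def456789a 198.51.100.7 10.0.1.23 44313 3389 6 3 180 1700000000 1700000059 REJECT OK
2 123456789012 eni-0abc123def456789a 10.0.1.23 10.0.2.40 51234 443 6 25 6000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0abc123def456789a 203.0.113.9 10.0.1.23 5000 23 6 1 40 1700000000 1700000059 REJECT OK
2 123456789012 eni-0abc123def456789a - - - - - - - 1700000060 1700000119 - NODATA
"""

def parse_record(line: str) -> dict:
    """Split one record into a dict; '-' fields (NODATA/SKIPDATA) become None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":
            rec[name] = None
        else:
            rec[name] = int(value) if name in NUMERIC else value
    return rec

def rejected_by_source(log_text: str) -> Counter:
    """Count REJECT records per source address over a block of log lines.
    Records whose log-status is not OK carry no addresses and are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec["log_status"] == "OK" and rec["action"] == "REJECT":
            counts[rec["srcaddr"]] += 1
    return counts

if __name__ == "__main__":
    for src, n in rejected_by_source(SAMPLE_LOG).most_common():
        print(f"{src}: {n} rejected flows")
```

If you chose the Reject filter when creating the flow log, every OK record is already a REJECT and the action check simply passes.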
Conclusion
You have learned how to set up and use VPC Flow Logs and publish the data to Amazon CloudWatch. You might want to check the following guides: