Configure AWS VPC Flow logs to CloudWatch Log group


In this short tutorial we look at how to enable VPC flow logs in an AWS account. VPC Flow Logs is an AWS feature that records metadata about the IP traffic going to and from the network interfaces in a VPC (addresses, ports, protocol, byte and packet counts, and whether the security groups and network ACLs accepted or rejected the flow; packet payloads are not captured). We will publish the collected records to an Amazon CloudWatch Logs log group, but an S3 bucket can be used as the destination instead. Because the data is collected outside the network traffic path, enabling flow logs does not affect network throughput or latency.

With VPC flow logs you can:

  • Monitor the traffic reaching your instances
  • Determine the direction of traffic to and from a network interface
  • Diagnose overly restrictive security group or network ACL rules by looking at REJECT records

You can create or delete flow logs without affecting network performance. A flow log can be created for a VPC, a subnet or a single network interface. When it is enabled at the VPC or subnet level, every network interface in that VPC or subnet is monitored, including interfaces added later.
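The point of collecting flow logs is to read them, so here is an added example (not from the article) of triaging the records once they arrive: it keeps only delivered records, counts REJECTed flows per destination port, and lists the non-RFC1918 sources that were rejected on a given port, which is what you look at when a security group is suspected of being too strict, or when something outside is probing. The sample records are constructed (documentation address ranges, a made-up ENI id and account id) and follow the default version 2 log format; the `fetch_rejects_from_cloudwatch` function only works against a real account and the log group name you pass it is an assumption.

```shell
#!/usr/bin/env bash
# Added example: triage REJECT records from VPC flow logs (not part of the original article).
# Default (version 2) record, space-separated fields:
#  1 version  2 account-id  3 interface-id  4 srcaddr  5 dstaddr  6 srcport  7 dstport
#  8 protocol 9 packets    10 bytes        11 start   12 end     13 action  14 log-status
set -eu

# Constructed sample records; addresses come from documentation ranges, not real traffic.
SAMPLE_FLOW_LOG='2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.1.15 54321 22 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.1.15 54322 22 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 192.0.2.9 10.0.1.15 51000 22 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.3.4 10.0.1.15 45000 22 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.15 40001 3389 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.15 10.0.2.30 33000 443 6 12 3456 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000059 - NODATA
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000059 - SKIPDATA'

# Keep only well-formed, delivered records: 14 fields, version 2, log-status OK.
# NODATA and SKIPDATA rows carry "-" in most fields and must be dropped before analysis.
valid_records() {
  awk 'NF == 14 && $1 == "2" && $14 == "OK"'
}

# Count REJECTed flows per destination port, most frequent first, as "<count> <port>".
rejected_by_port() {
  valid_records | awk '$13 == "REJECT" { n[$7]++ }
                       END { for (p in n) print n[p], p }' | sort -rn
}

# Distinct non-RFC1918 source addresses rejected on one port, i.e. Internet hosts
# bouncing off a security group or NACL. Usage: external_rejects_to_port 22
external_rejects_to_port() {
  valid_records | awk -v port="$1" '
      $13 == "REJECT" && $7 == port &&
      $4 !~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/ { print $4 }' \
    | sort -u
}

# Pull the last hour of REJECT records out of CloudWatch Logs (needs credentials and a
# real log group; the name is whatever you created). The filter pattern matches the
# positional fields of the default format, so it can be reused in a metric filter too.
fetch_rejects_from_cloudwatch() {  # arg: log group name
  local since
  since=$(( ( $(date +%s) - 3600 ) * 1000 ))   # CloudWatch wants epoch milliseconds
  aws logs filter-log-events --log-group-name "$1" --start-time "$since" \
    --filter-pattern '[version, account, eni, source, destination, srcport, destport, protocol, packets, bytes, windowstart, windowend, action="REJECT", flowlogstatus]' \
    --query 'events[*].[message]' --output text
}

if [ "${1:-}" = "demo" ]; then
  printf '%s\n' "$SAMPLE_FLOW_LOG" | rejected_by_port
  printf '%s\n' "$SAMPLE_FLOW_LOG" | external_rejects_to_port 22
elif [ "${1:-}" = "live" ]; then
  fetch_rejects_from_cloudwatch "${2:?usage: $0 live <log-group>}" | rejected_by_port
fi
```

Run it with `demo` to see the sample output (port 22 tops the list, and only the two non-private sources are reported for it), or with `live <log-group>` to run the same port summary over the real records. A burst of REJECTs on one port from many external sources is scanning; REJECTs from your own address space to a port you expect to be open is the "security group too strict" case the article mentions.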


Before you begin, you need to install and configure the AWS CLI. For complete installation instructions, see the following article.

Install and use AWS CLI on Linux-Ubuntu / Debian / CentOS

Confirm that your AWS CLI is working by retrieving the caller identity:

aws sts get-caller-identity

You also need administrative permissions (IAM, CloudWatch Logs and EC2/VPC) in the AWS account to complete this tutorial. Access to the AWS console is useful for looking at the collected data.

Step 1: Create IAM policies and roles

The first step is to create an IAM role that the VPC Flow Logs service assumes to write logs on your behalf. You can do this in the AWS console or with the CLI. The role needs a permissions policy that allows it to publish to CloudWatch Logs log groups.

Before creating the role, create the IAM policy under IAM > Policies > Create policy > JSON and paste the document below.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Name the policy and finish creating it. The Resource "*" above is what the AWS documentation shows; for a production account, scope logs:CreateLogStream, logs:PutLogEvents and logs:DescribeLogStreams to the ARN of the log group you create in Step 3 (arn:aws:logs:REGION:ACCOUNT:log-group:NAME and arn:aws:logs:REGION:ACCOUNT:log-group:NAME:*) so the role cannot write into other log groups.

To create the IAM role, go to Identity and Access Management (IAM) > Roles > Create role. For the trusted entity type, select "AWS service" and choose "EC2" as the use case. The trust policy is replaced in Step 2 so that the flow logs service, not EC2, is the principal allowed to assume the role.


Click "Next" to attach permissions. On the "Add permissions" page, select the policy you created earlier.


Name the role to complete its creation. I gave mine the same name as the policy.


Copy the Role ARN and save it; you will need it in Step 4.

Step 2: Edit the trust relationship

You also need to change the role's trust relationship so that the VPC Flow Logs service can assume it and write to the CloudWatch log group. Go to IAM > Roles and click the role you created in Step 1.

Click "Edit trust policy" to update the policy.

Replace the existing trust policy (which trusts ec2.amazonaws.com) with the following, so that only the flow logs service can assume the role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
         "Service": "vpc-flow-logs.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Click the "Update trust policy" button to save the relationship. The AWS documentation additionally recommends a Condition on aws:SourceAccount (your account id) and aws:SourceArn (arn:aws:ec2:REGION:ACCOUNT:vpc-flow-log/*) in this statement, so that a flow log in another account cannot use your role.

Step 3: Create CloudWatch Log group

A CloudWatch log group is the container the flow log streams are written to (one log stream per network interface). Create it under Services > CloudWatch > Logs > Log groups > Actions > Create log group. Set a retention period while you are there: the default is to keep the logs forever, and flow logs from a busy VPC add up quickly.


Click the Create button to proceed.

Step 4: Enable AWS VPC flow logs

To enable the flow log, go to Services > VPC > Your VPCs, select your VPC, then Actions > Create flow log.

Fill in the required information:

  • A name for the flow log
  • Filter: the type of traffic to capture (ACCEPT, REJECT or ALL)
  • Maximum aggregation interval (1 minute or 10 minutes)
  • Destination: CloudWatch Logs or an Amazon S3 bucket
  • The destination log group in CloudWatch Logs
  • The IAM role that has permission to publish to the selected log group (Step 1)
  • Log record format (the default format, or a custom selection of fields)

My settings are shown in the picture below.


Click the "Create flow log" button to finish. You can confirm the flow log was created by listing the flow logs on the VPC's "Flow logs" tab.

Clicking the "Destination name" link takes you to the log group, where you can browse and filter the log streams. Records only appear once the first aggregation interval has elapsed and the interface has seen traffic. You can also create the flow log from the CLI:

aws ec2 create-flow-logs --resource-type VPC --resource-ids  --traffic-type ALL --log-group-name  --deliver-logs-permission-arn 
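The four steps above, as one added CLI script (not from the article), with the two hardening points applied: the permissions policy is scoped to the one log group instead of Resource "*", and the trust policy carries the aws:SourceAccount / aws:SourceArn conditions so that only flow logs in your own account can assume the role. The role, policy and log group names, the retention period and the VPC id are assumptions; change them to match your account. The policy-building functions run anywhere; the AWS calls only run when you invoke the script with `apply <vpc-id>`.

```shell
#!/usr/bin/env bash
# Added example: Steps 1-4 from the CLI, least-privilege variant (not the article's own script).
# Names below are assumptions; override them through the environment.
set -eu

ROLE_NAME="${ROLE_NAME:-IAM-publish-flow-logs}"
POLICY_NAME="${POLICY_NAME:-IAM-publish-flow-logs}"
LOG_GROUP="${LOG_GROUP:-/vpc/flow-logs}"
RETENTION_DAYS="${RETENTION_DAYS:-90}"

# Step 1 permissions policy, scoped to one log group and its streams. The log group is
# created by this script (Step 3), so the role does not need logs:CreateLogGroup.
# logs:DescribeLogGroups is a list call and stays on "*".
build_permissions_policy() {  # args: account region log_group
  local account="$1" region="$2" lg="$3"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["logs:DescribeLogGroups"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams"],
      "Resource": [
        "arn:aws:logs:${region}:${account}:log-group:${lg}",
        "arn:aws:logs:${region}:${account}:log-group:${lg}:*"
      ]
    }
  ]
}
EOF
}

# Step 2 trust policy: only the flow logs service, and only for flow logs created in this
# account and region, may assume the role (confused-deputy protection).
build_trust_policy() {  # args: account region
  local account="$1" region="$2"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "vpc-flow-logs.amazonaws.com" },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": { "aws:SourceAccount": "${account}" },
        "ArnLike": { "aws:SourceArn": "arn:aws:ec2:${region}:${account}:vpc-flow-log/*" }
      }
    }
  ]
}
EOF
}

apply() {  # arg: vpc id, e.g. vpc-0123456789abcdef0
  local vpc_id="$1" account region policy_arn role_arn
  account="$(aws sts get-caller-identity --query Account --output text)"
  region="$(aws configure get region)"

  # Step 1: policy and role
  policy_arn="$(aws iam create-policy --policy-name "$POLICY_NAME" \
      --policy-document "$(build_permissions_policy "$account" "$region" "$LOG_GROUP")" \
      --query Policy.Arn --output text)"
  # Step 2: the role is created with the flow logs trust policy directly, no EC2 detour
  role_arn="$(aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(build_trust_policy "$account" "$region")" \
      --query Role.Arn --output text)"
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$policy_arn"

  # Step 3: log group with a retention period (the default keeps logs forever)
  aws logs create-log-group --log-group-name "$LOG_GROUP"
  aws logs put-retention-policy --log-group-name "$LOG_GROUP" --retention-in-days "$RETENTION_DAYS"

  # Step 4: the flow log itself. IAM is eventually consistent, so give the new role a moment.
  sleep 10
  aws ec2 create-flow-logs --resource-type VPC --resource-ids "$vpc_id" \
      --traffic-type ALL --log-destination-type cloud-watch-logs \
      --log-group-name "$LOG_GROUP" --deliver-logs-permission-arn "$role_arn" \
      --max-aggregation-interval 60

  # Verify: DeliverLogsStatus should read SUCCESS once the first records are published.
  aws ec2 describe-flow-logs --filter "Name=resource-id,Values=$vpc_id" \
      --query 'FlowLogs[].[FlowLogId,FlowLogStatus,DeliverLogsStatus]' --output text
}

# Only touches the account when run as: ./flowlogs.sh apply <vpc-id>
if [ "${1:-}" = "apply" ]; then
  apply "${2:?usage: $0 apply <vpc-id>}"
fi
```

If `DeliverLogsStatus` stays at FAILED, the usual causes are a trust policy whose conditions do not match the account or region the flow log lives in, or a permissions policy whose log group ARN does not match the name passed to create-flow-logs; `describe-flow-logs` also returns a `DeliverLogsErrorMessage` field that says which.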
