Enable VPC flow logs
Welcome to CloudAffaire and this is Debjeet
In the last blog post, we have created a custom VPC network ACL and denied all connection to our public subnet.
In this blog post, we are going to enable flow logs for the entire VPC with S3 as the destination.
Flow Logs: We can monitor the incoming and outgoing traffic in AWS using flow logs. If flow logs are enabled, AWS captures details like source IP, destination IP, port, etc. and send the data in log format to either cloud-watch or S3. You can setup flow logs across entire VPC, or across subnets, or to a specific network interface. AWS captures the data in the interval of 5 minutes. Flow logs not only capture allowed traffic but also capture traffic that is blocked. Hence you can use flow log to fine-tune your security groups\ACL configuration.
Next, we are going to enable flow logs for an entire VPC with the destination as S3. We have already created the VPC with a public subnet and an EC2 instance deployed within it. We have also created an empty S3 bucket where the logs will be delivered.
Enable VPC flow logs:
Step 1: Login to AWS console and navigate to ‘VPC’.
Step 2: Navigate to ‘Your VPCs’ and select your VPC. Click ‘Create flow log’ located under ‘Flow Logs’.
Step 3: Provide a filter and destination for the logs. Click ‘Create’.
Note: Flow logs supports logging of accepted\rejected\all traffic.
One success message will be displayed, click ‘Close’.
Flow log successfully enabled for the entire VPC
To view the logs, navigate to S3 bucket
Observe: Bucket policy is automatically created to save the logs in S3 bucket.
You will get the logs every 5 minutes interval in the S3 bucket.
Cleanup: Delete the flow logs and S3 bucket to stop incurring any cost.
Hope you have enjoyed this article. In the next blog post, we are going to discuss VPN connection.
To get more details on VPC, please refer below AWS documentation