In this blog, we will show you the steps to enable and analysis VPC Flow Logs in AWS.
FLOW LOGS OVERVIEW
- Flow logs are used to check the list of traffic( s ) that are accepted or rejected by the security group.
- We can enable the flow logs at Interface Level, Subnet Level & VPC Level.
- The VPC flow logs contain version, account-id, interface-id, src addr, dest addr, src port, dest port, protocol, packets bytes, start, end, action, and log status.
- If we enable the flow logs at the VPC level, it will enable all the network interface connecting with it.
ENVIRONMENT OVERVIEW
- We have created a VPC with 2 subnets in a different availability zone.
- Also, We have created a windows EC2 instance for this demo.
ENABLING FLOW LOGS
- Open the VPC dashboard and click on Your VPC’s.
- Select the VPC and click on the Flow Logs tab.
- Click on Create Flow log.
- Select the Filter Type as All and select the destination as CloudWatch.
- Provide the destination group name and click on the setup permission link.
- For the demo purpose, leave the default settings and click on the Allow button.
- Select the IAM Role named flowlogsRole from the drop-down list. Then click on the create button.
- Flow log created successfully.
VERIFICATION
- For the testing purpose, we try to telnet a few ports to gather logging.
- Go to the cloud watch and click on logs option.
- You will able to see the VPC log group in the cloud watch.
- Now you can able to see the VPC flow logs as shown below.
- We tested 3306 and 3389 ports and you can see the flow logs result below.
REFERENCE
Thanks for reading this blog. We hope it was useful for you to learn about the Steps to Enable and Analysis VPC Flow Logs in AWS.
