
Steps to Enable and Analyze VPC Flow Logs in AWS

In this blog, we will show you the steps to enable and analyze VPC Flow Logs in AWS.

FLOW LOGS OVERVIEW

  • Flow logs record the traffic flows that were accepted or rejected by the security group.
  • Flow logs can be enabled at the network interface level, the subnet level, or the VPC level.
  • A VPC flow log record (default format) contains: version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, and log-status.
  • Enabling flow logs at the VPC level enables them for every network interface attached to that VPC.

ENVIRONMENT OVERVIEW


  • We have created a VPC with two subnets, each in a different Availability Zone.

  • We have also created a Windows EC2 instance for this demo.

ENABLING FLOW LOGS

  • Open the VPC dashboard and click Your VPCs.

  • Select the VPC and click the Flow Logs tab.

  • Click Create flow log.

  • Select the Filter type All and select CloudWatch as the destination.

  • Provide the destination log group name and click the Set Up Permissions link.

  • For the purposes of this demo, leave the default settings and click Allow.

  • Select the IAM role named flowlogsRole from the drop-down list, then click Create.

  • The flow log is created successfully.
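The Set Up Permissions link in the steps above creates the flowlogsRole for you. As an added example (not code from the original post or from AWS), the script below builds a trust policy and a permissions policy for that role and audits a policy document for statements broader than the flow logs service needs. The service principal vpc-flow-logs.amazonaws.com and the five logs: actions are the ones AWS documents for this role; ACCOUNT_ID, REGION and LOG_GROUP are constructed placeholders, and the aws:SourceAccount condition is an assumption added here as a confused-deputy guard.

```python
"""Added example (not from the original post): build and audit the IAM role
that the VPC Flow Logs service assumes to write into CloudWatch Logs.
ACCOUNT_ID, REGION and LOG_GROUP are constructed placeholders."""
import json

ACCOUNT_ID = "123456789012"          # constructed placeholder
REGION = "us-east-1"                 # constructed placeholder
LOG_GROUP = "vpc-flow-logs-demo"     # constructed placeholder

# CloudWatch Logs actions the flow logs role needs; nothing more.
FLOW_LOGS_ACTIONS = [
    "logs:CreateLogGroup",
    "logs:CreateLogStream",
    "logs:PutLogEvents",
    "logs:DescribeLogGroups",
    "logs:DescribeLogStreams",
]


def trust_policy(account_id: str = ACCOUNT_ID) -> dict:
    """Only the VPC Flow Logs service may assume the role, and only on behalf
    of this account (aws:SourceAccount is an added confused-deputy guard)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "vpc-flow-logs.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"aws:SourceAccount": account_id}},
        }],
    }


def permissions_policy(log_group: str = LOG_GROUP) -> dict:
    """Grant the needed actions on one log group (and its streams) instead
    of an unscoped Resource '*'."""
    arn = f"arn:aws:logs:{REGION}:{ACCOUNT_ID}:log-group:{log_group}:*"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": list(FLOW_LOGS_ACTIONS),
            "Resource": arn,
        }],
    }


def _as_list(value) -> list:
    """IAM allows a string or a list for Action/Resource; normalize to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_policy(policy: dict) -> list:
    """Return findings for Allow statements broader than the role needs:
    wildcard or unrelated actions, or an unscoped '*' resource."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action not in FLOW_LOGS_ACTIONS:
                findings.append(f"statement {i}: action {action} not needed by flow logs")
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append(f"statement {i}: resource '*' is not scoped to a log group")
    return findings


if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    print(json.dumps(permissions_policy(), indent=2))
    print("findings:", audit_policy(permissions_policy()))
```

Feed `audit_policy` the policy document attached to an existing flowlogsRole to see whether it is scoped to the log group you chose in the Create flow log step; an empty findings list means it grants only what the service needs.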

VERIFICATION

  • For testing, we telnet to a few ports to generate log entries.

  • Go to CloudWatch and click Logs.

  • You will see the VPC log group in CloudWatch.

  • Now you can see the VPC flow logs as shown below.

  • We tested ports 3306 and 3389; the flow log results are shown below.
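To analyze the records once they are in CloudWatch, the following added example (not code from the original post) parses flow log lines in the default format listed in the overview and summarizes which destination ports were rejected, which source probed them, and which sources the security group actually let in. The log lines are constructed samples that mimic the 3389 and 3306 test above; the account id, interface id and addresses in them are placeholders.

```python
"""Added example (not from the original post): parse default-format VPC Flow
Logs and summarize rejected traffic. SAMPLE_LOG is constructed test data."""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Field order of the default (version 2) flow log format.
DEFAULT_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample: one external host probing 3389 and 3306 and being
# rejected, an allowed RDP session in both directions, and a NODATA record
# (which carries '-' in the traffic fields and must not be counted).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.10 10.0.1.25 51234 3389 6 6 360 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.10 10.0.1.25 51235 3306 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.10 10.0.1.25 51236 3389 6 8 480 1700000061 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.1.25 44321 3389 6 20 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.25 198.51.100.7 3389 44321 6 18 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1700000120 1700000180 - NODATA
"""


@dataclass
class FlowRecord:
    version: Optional[int]
    account_id: str
    interface_id: str
    srcaddr: Optional[str]
    dstaddr: Optional[str]
    srcport: Optional[int]
    dstport: Optional[int]
    protocol: Optional[int]
    packets: Optional[int]
    bytes: Optional[int]
    start: Optional[int]
    end: Optional[int]
    action: Optional[str]
    log_status: str


def parse_record(line: str) -> FlowRecord:
    """Parse one line; '-' (used in NODATA/SKIPDATA records) becomes None."""
    parts = line.split()
    if len(parts) != len(DEFAULT_FIELDS):
        raise ValueError(f"expected {len(DEFAULT_FIELDS)} fields, got {len(parts)}: {line!r}")
    values = {}
    for name, raw in zip(DEFAULT_FIELDS, parts):
        if raw == "-":
            values[name] = None
        elif name in INT_FIELDS:
            values[name] = int(raw)
        else:
            values[name] = raw
    return FlowRecord(**values)


def parse_log(text: str) -> List[FlowRecord]:
    """Parse every non-empty line of a flow log export."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def rejected_by_port(records: List[FlowRecord]) -> Counter:
    """Count REJECT records per destination port (only records with data)."""
    return Counter(r.dstport for r in records if r.log_status == "OK" and r.action == "REJECT")


def probe_report(records: List[FlowRecord], watched=(22, 3306, 3389)) -> List[Tuple[str, str, int, int]]:
    """(src, dst, port, rejects) for rejected flows to watched ports, most frequent first."""
    counts = Counter(
        (r.srcaddr, r.dstaddr, r.dstport)
        for r in records
        if r.log_status == "OK" and r.action == "REJECT" and r.dstport in watched
    )
    rows = [(src, dst, port, n) for (src, dst, port), n in counts.items()]
    return sorted(rows, key=lambda row: (-row[3], row[2], row[0]))


def accepted_sources(records: List[FlowRecord], port: int) -> set:
    """Source addresses the security group actually allowed in to a port."""
    return {r.srcaddr for r in records
            if r.log_status == "OK" and r.action == "ACCEPT" and r.dstport == port}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("rejects by port:", dict(rejected_by_port(recs)))
    for src, dst, port, n in probe_report(recs):
        print(f"{src} -> {dst}:{port} rejected {n}x")
    print("sources accepted on 3389:", accepted_sources(recs, 3389))
```

Replace `SAMPLE_LOG` with the text of a log stream exported from the CloudWatch log group; `accepted_sources` is the useful check after a test like the one above, because a REJECT on 3389 only shows the security group did its job, while an unexpected address in the ACCEPT set shows a rule that is wider than intended.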

Thanks for reading this blog. We hope it was useful for learning the steps to enable and analyze VPC Flow Logs in AWS.
