Create VPC Flow Logs
VPC Flow Logs is a feature that lets you capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. After creating a flow log, you can retrieve and view its data at the selected destination.
Flow logs can help you with several tasks, such as:
- Diagnosing security group rules that are too restrictive
- Monitoring the traffic reaching your EC2 instance
- Determining the direction of traffic to and from network interfaces
Flow log data is collected outside the network traffic path and therefore has no impact on network throughput or latency. You can create or delete flow logs without risk to network performance.
In this lab, flow log data will be published to Amazon CloudWatch Logs. The CloudFormation stack we deploy creates:
- An IAM role that the flow logs service assumes to push flow logs to CloudWatch
- A CloudWatch Logs log group that the flow log is delivered to
- An EC2 instance used to generate traffic to check

We must prepare the stack as follows:
- In the AWS CloudFormation interface:
  - Select Create stack
  - Select With new resources
- In the Create stack interface:
  - Select Template is ready
  - Select Upload a template file
  - Select Choose file and select the downloaded YAML file
  - Select Next
- In the Specify stack details interface:
  - Enter the stack name Network-Monitoring
  - For Parameters, select the VPC created earlier
  - Select the public subnet created earlier
  - Select Next
- On the next page, select Next
- Select Create stack
- Wait for stack creation to complete
- Open the EC2 interface; the stack created one EC2 instance
- Use the instance's Public IPv4 DNS to access it

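The template uploaded in the steps above is the lab's own download; the following is an added CloudFormation example, not that template, showing only the three flow-log pieces the lab describes (log group, IAM role, flow log) and omitting the EC2 instance. It assumes an existing VPC is passed in as the VpcId parameter.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC flow log delivered to CloudWatch Logs (added example)
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC to monitor (chosen at stack creation, as in the lab)
Resources:
  FlowLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /aws/vpc/flow-logs/network-monitoring   # assumed name
      RetentionInDays: 30        # keep evidence for a bounded period
  FlowLogRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: vpc-flow-logs.amazonaws.com   # only the flow logs service may assume it
            Action: sts:AssumeRole
      Policies:
        - PolicyName: PublishFlowLogs
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: logs:DescribeLogGroups   # not resource-scoped, needs '*'
                Resource: '*'
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                  - logs:DescribeLogStreams
                Resource: !GetAtt FlowLogGroup.Arn   # least privilege: this log group only
  VpcFlowLog:
    Type: AWS::EC2::FlowLog
    Properties:
      ResourceType: VPC
      ResourceId: !Ref VpcId
      TrafficType: ALL           # capture ACCEPT and REJECT so allowed-but-unexpected flows are visible
      LogDestinationType: cloud-watch-logs
      LogGroupName: !Ref FlowLogGroup
      DeliverLogsPermissionArn: !GetAtt FlowLogRole.Arn
      MaxAggregationInterval: 60 # one-minute windows instead of the default ten
```

After the stack is created, records appear in the log group as one log stream per network interface, so a missing stream for the lab's EC2 instance usually points at the IAM role rather than at the flow log itself.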