Require Vpc Flow Logs For All Vpcs

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. After you’ve created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs. It is recommended that VPC Flow Logs be enabled for packet “Rejects” for VPCs.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

Impact

Without VPC flow logs, you risk not having enough information about network traffic flow to investigate incidents or identify security issues.

Links

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html