Ensures VPC flow logs are enabled for traffic logging
VPC flow logs record all traffic flowing in to and out of a VPC. These logs are critical for auditing and review after security incidents.
Follow the appropriate remediation steps below to resolve the issue.
Log into the AWS Management Console.
Select the “Services” option and search for VPC.
Scroll down the left navigation panel and choose “Your VPC” under “VPC Dashboard”.
Select the “VPC” that needs to be verified for “VPC Flow Logs”.
Scroll down the bottom dashboard panel and choose “Flow Logs” tab. If there are no flow logs then “You do not have any Flow Logs in this region” message will be displayed.
Repeat steps number 2 - 6 to verify “Flow Logs” are enabled or not in other VPCs in the region.
Navigate to “VPC Dashboard” and choose “Your VPC” and click on the “Flow Logs” tab in the bottom dashboard panel.
Click on the “Create flow log” button to create the “VPC Flow Logs”.
In the “Create flow log” dialog box select the “Filter” from the dropdown menu that describes the type of traffic to be logged.
Select the destination to which the flow log data is to be published from the options.If the “S3 bucket” is selected for the log data to be published than provide the “S3 Bucket ARN” which is the ARN of the Amazon S3 bucket to which the flow log is published and click on the “Create” button at the bottom.
If destination for the “flow log data” is selected as “Send to CloudWatch Logs” then enter the log destination in “Destination Group” which is the name of the “Amazon CloudWatch Logs” log group to which the flow log is published.
Select the “IAM role” that has permission to publish to the “Amazon CloudWatch Logs” log group and click on the “Create” button to make the necessary changes.
Repeat steps number 7 - 12 to enable VPC flow logs for other “VPCs” in the region.