Ensure that a metric filter matching the pattern of rejected traffic exists for the AWS CloudWatch log group assigned to VPC Flow Logs. VPC Flow Logs is a feature that records information about the IP traffic (accepted, rejected, or all traffic) going to and from the elastic network interfaces (ENIs) in your VPC. The captured log data is stored in Amazon CloudWatch Logs, and flow log records can be managed like any other log events collected by CloudWatch Logs. A metric filter defines the terms and patterns to look for in the flow log data as it is sent to CloudWatch Logs; CloudWatch uses the filter to turn matching log events into numerical metrics that you can graph or set an alarm on. Before this rule is run by the Cloud Conformity engine, the name of the VPC Flow Logs CloudWatch log group, e.g. <vpc_flow_log_group_name>, must be configured in the rule settings on your Cloud Conformity account dashboard.
In order to quantify the rejected IP traffic within your VPC and have a detailed picture of it, a metric filter must be created for the CloudWatch log group assigned to the VPC Flow Logs feature. The filter can only count what the flow log captures: a flow log created with the ACCEPT traffic type produces no REJECT records, so the flow log must be configured for REJECT or ALL traffic, and the field positions in the filter pattern assume the default flow log record format. Note: make sure that you replace all <vpc_flow_log_group_name> placeholders found in the conformity rule content with the name of your own log group assigned to the VPC Flow Logs.
To determine if a metric filter that matches the pattern of the rejected traffic is available for the VPC Flow Logs CloudWatch log group, perform the following actions:
To create the necessary metric filter and attach it to the VPC Flow Logs CloudWatch log group available in your AWS account, perform the following actions:
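The following is an added example written for this page, not Cloud Conformity's engine or AWS SDK code. It shows how the space-delimited metric filter pattern for rejected traffic maps onto the 14 fields of the default VPC Flow Logs record, evaluates that pattern locally over a few constructed flow log events (so it runs offline, with no AWS credentials), performs the audit check from the previous section over a constructed stand-in for `aws logs describe-metric-filters` output, and builds the `aws logs put-metric-filter` command for the remediation. The filter names `SSHRejected` and `VPCRejectedTraffic`, the metric name and namespace, and all sample data are hypothetical.

```python
"""Added example: a local model of a CloudWatch metric filter for rejected
VPC Flow Logs traffic, the audit check for such a filter, and the CLI
command that creates it. Illustrative code, not Cloud Conformity's or AWS's."""
import re
import shlex

# Field order of the default (version 2) VPC Flow Logs record format.
FLOW_LOG_FIELDS = [
    "version", "account-id", "interface-id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log-status",
]
ACTION_INDEX = FLOW_LOG_FIELDS.index("action")  # position 12

# Space-delimited filter pattern: one name per field of the default record,
# with only the action field pinned to REJECT.
REJECT_FILTER_PATTERN = (
    '[version, account, eni, source, destination, srcport, destport, '
    'protocol, packets, bytes, windowstart, windowend, action="REJECT", '
    'flowlogstatus]'
)

# Constructed sample flow log events (not real traffic).
SAMPLE_FLOW_LOGS = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.12 198.51.100.7 49152 443 6 20 4249 1418530010 1418530070 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.12 51234 22 6 1 40 1418530010 1418530070 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.12 51235 3389 6 1 40 1418530010 1418530070 REJECT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1418530010 1418530070 - NODATA",
]

# Constructed stand-in for `aws logs describe-metric-filters` output; the
# hypothetical SSHRejected filter is narrower than the rejected-traffic filter.
SAMPLE_DESCRIBE_RESPONSE = {
    "metricFilters": [
        {"filterName": "SSHRejected",
         "filterPattern": '[version, account, eni, source, destination, srcport, '
                          'destport="22", protocol="6", packets, bytes, windowstart, '
                          'windowend, action="REJECT", flowlogstatus]',
         "logGroupName": "<vpc_flow_log_group_name>"},
        {"filterName": "VPCRejectedTraffic",
         "filterPattern": REJECT_FILTER_PATTERN,
         "logGroupName": "<vpc_flow_log_group_name>"},
    ]
}


def parse_filter_pattern(pattern):
    """Return (field_count, {position: required_value}) for a space-delimited
    pattern. Bare names and name="VALUE" equality terms are supported, which
    is all the rejected-traffic filter needs; anything else raises ValueError."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("not a space-delimited pattern: %r" % pattern)
    terms = [t.strip() for t in body[1:-1].split(",")]
    constraints = {}
    for pos, term in enumerate(terms):
        eq = re.fullmatch(r'(\w+)\s*=\s*"([^"]*)"', term)
        if eq:
            constraints[pos] = eq.group(2)
        elif not re.fullmatch(r"\w+", term):
            raise ValueError("unsupported term: %r" % term)
    return len(terms), constraints


def record_matches(record, field_count, constraints):
    """A space-delimited pattern matches only events with exactly field_count
    fields whose pinned positions carry the required values."""
    fields = record.split()
    return len(fields) == field_count and all(
        fields[pos] == value for pos, value in constraints.items())


def count_matches(records, pattern):
    """Number of events the filter matches; with metricValue=1 this is the
    value CloudWatch publishes for the period."""
    field_count, constraints = parse_filter_pattern(pattern)
    return sum(record_matches(r, field_count, constraints) for r in records)


def find_reject_filter(describe_response):
    """Audit: name of a filter whose pattern selects exactly the rejected
    traffic (14 fields, only action="REJECT" pinned), else None. A narrower
    filter such as SSH-only rejects counts a subset and does not qualify."""
    for mf in describe_response.get("metricFilters", []):
        try:
            field_count, constraints = parse_filter_pattern(mf.get("filterPattern", ""))
        except ValueError:
            continue
        if field_count == len(FLOW_LOG_FIELDS) and constraints == {ACTION_INDEX: "REJECT"}:
            return mf["filterName"]
    return None


def put_metric_filter_command(log_group, filter_name, metric_name, namespace):
    """Remediation: the aws logs put-metric-filter invocation, quoted for a
    POSIX shell because the pattern contains spaces and double quotes."""
    return " ".join([
        "aws logs put-metric-filter",
        "--log-group-name", shlex.quote(log_group),
        "--filter-name", shlex.quote(filter_name),
        "--filter-pattern", shlex.quote(REJECT_FILTER_PATTERN),
        "--metric-transformations",
        shlex.quote("metricName=%s,metricNamespace=%s,metricValue=1" % (metric_name, namespace)),
    ])


if __name__ == "__main__":
    print("rejected events:", count_matches(SAMPLE_FLOW_LOGS, REJECT_FILTER_PATTERN))
    print("qualifying filter:", find_reject_filter(SAMPLE_DESCRIBE_RESPONSE))
    print(put_metric_filter_command("<vpc_flow_log_group_name>", "VPCRejectedTraffic",
                                    "RejectedTrafficCount", "VPCFlowLogs"))
```

Once the filter exists, the published metric is what a CloudWatch alarm is attached to; a flow log created with the ACCEPT traffic type never emits REJECT records, so the metric stays at zero regardless of the filter.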