Once enabled, the Flow Logs feature will start collecting network traffic data to and from your Virtual Private Cloud (VPC), data that can be useful to detect and troubleshoot security issues and make sure that the network access rules are not overly permissive.
This rule can help you with the following compliance standards:
- The Center for Internet Security (CIS) AWS Foundations Benchmark
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Enabling VPC Flow Logs will help you detect security and access issues such as overly permissive security groups and network ACLs, and alert you to abnormal activity within your Virtual Private Cloud network, such as rejected connection requests or unusual volumes of data transfer.
Notes:
- Availability: this feature is not yet available in the following AWS regions: Asia Pacific (Seoul) and South America (Sao Paulo).
- Pricing: since Flow Log records are delivered through AWS CloudWatch, standard CloudWatch Logs pricing applies ($0.50 per GB ingested and $0.03 per GB archived per month).
To determine if your VPC network has Flow Logs enabled, perform the following:
Remediation / Resolution
To enable Flow Logs for your VPC, you first need to create an IAM role that grants the VPC Flow Logs service permission to publish flow log streams to the specified log group in CloudWatch Logs.
Step 1: create the IAM role.
Step 2: enable VPC Flow Logs.
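As an added example (not part of the Cloud Conformity page), the following AWS CLI script performs the audit check and both remediation steps in one place. The VPC id, role name and log group name are placeholders, and the role's trust and permissions policies are limited to the VPC Flow Logs service and the CloudWatch Logs actions it needs.

```shell
#!/bin/sh
# Audit a VPC for Flow Logs and, with --apply, enable them via CloudWatch Logs.
# Placeholder values (assumptions): override with environment variables.
set -eu
VPC_ID="${VPC_ID:-vpc-0123456789abcdef0}"
ROLE_NAME="${ROLE_NAME:-VpcFlowLogsRole}"
LOG_GROUP="${LOG_GROUP:-/aws/vpc/flow-logs}"

# Trust policy: only the VPC Flow Logs service may assume this role.
trust_policy() {
  printf '%s' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"vpc-flow-logs.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
}

# Permissions policy: just the CloudWatch Logs actions needed to deliver records.
permissions_policy() {
  printf '%s' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents","logs:DescribeLogGroups","logs:DescribeLogStreams"],"Resource":"*"}]}'
}

# Audit: number of ACTIVE flow logs attached to the VPC (0 means the rule fails).
flow_log_count() {
  aws ec2 describe-flow-logs --filter "Name=resource-id,Values=$1" \
    --query 'length(FlowLogs[?FlowLogStatus==`ACTIVE`])' --output text
}

# Remediation: Step 1 creates the role, Step 2 enables Flow Logs for all traffic.
enable_flow_logs() {
  role_arn=$(aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)" \
    --query 'Role.Arn' --output text)
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name FlowLogsToCloudWatch --policy-document "$(permissions_policy)"
  aws logs create-log-group --log-group-name "$LOG_GROUP"
  aws ec2 create-flow-logs --resource-type VPC --resource-ids "$VPC_ID" \
    --traffic-type ALL --log-group-name "$LOG_GROUP" \
    --deliver-logs-permission-arn "$role_arn"
}

# Nothing touches the account unless --apply is passed.
if [ "${1:-}" = "--apply" ]; then
  if [ "$(flow_log_count "$VPC_ID")" = "0" ]; then
    enable_flow_logs
  else
    echo "Flow Logs already active on $VPC_ID"
  fi
fi
```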
Rule: VPC Flow Logs Enabled
Risk level: Low