Enable Flow Logs for your VPC and collect all traffic in and out of your VPC network — AWS Security

You can use VPC Flow Logs to collect all the traffic requests in and out of your VPC network. They help with troubleshooting networking problems, and they can be used with CloudWatch Event triggers to raise an alarm when something happens that you did not expect.

I recommend that everyone use VPC Flow Logs. I know it will cost something for storage, whether in an S3 bucket, CloudWatch collection, or whatever your destination for the Flow Logs will be, and I recommend keeping them for around 3 months or longer.

Create IAM Role to allow Flow Logs to be sent to the CloudWatch Log Group

First, we need to create an IAM Role that allows Flow Logs to send data into a CloudWatch Log Group, so go to IAM > Roles and click Create role.

Now select Custom trust policy under the Trusted entity type and add vpc-flow-logs.amazonaws.com as the principal service.

Click Next until you reach the review page, where you give the new role a name you can easily find again; this role can be reused every time…
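The same role, expressed as code rather than console clicks. This is an added example, not from the original post: it builds the trust policy that names vpc-flow-logs.amazonaws.com as the principal (with the aws:SourceAccount / aws:SourceArn conditions AWS documents against the confused-deputy problem), an inline permissions policy scoped to one log group instead of `*`, and a small audit helper that checks whether a given trust policy actually lets the Flow Logs service assume the role. The account id, region, role name and log-group name are constructed placeholders, and the boto3 clients are passed in so the module runs offline.

```python
"""Build and sanity-check the IAM pieces that let VPC Flow Logs write to CloudWatch Logs.
Added example; role/log-group names, account id and region are constructed placeholders."""
import json

FLOW_LOGS_SERVICE = "vpc-flow-logs.amazonaws.com"
LOG_GROUP_NAME = "vpc-flow-logs"  # constructed placeholder


def build_trust_policy(account_id: str, region: str) -> dict:
    """Trust policy: only the Flow Logs service may assume the role, and only on behalf
    of flow logs in this account/region (AWS's documented confused-deputy guard)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": FLOW_LOGS_SERVICE},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {"aws:SourceAccount": account_id},
                "ArnLike": {"aws:SourceArn": f"arn:aws:ec2:{region}:{account_id}:vpc-flow-log/*"},
            },
        }],
    }


def build_permissions_policy(account_id: str, region: str, log_group: str = LOG_GROUP_NAME) -> dict:
    """Inline policy: just enough CloudWatch Logs rights, scoped to one log group."""
    lg_arn = f"arn:aws:logs:{region}:{account_id}:log-group:{log_group}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["logs:DescribeLogGroups"], "Resource": "*"},
            {"Effect": "Allow",
             "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
                        "logs:PutLogEvents", "logs:DescribeLogStreams"],
             "Resource": [lg_arn, f"{lg_arn}:*"]},
        ],
    }


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def trust_policy_allows_flow_logs(doc: dict) -> bool:
    """Audit helper: True when some Allow statement lets vpc-flow-logs.amazonaws.com
    call sts:AssumeRole. A role trusting the wrong service is the usual reason a flow
    log is created but never delivers a single record."""
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if "sts:AssumeRole" not in actions and "sts:*" not in actions:
            continue
        if FLOW_LOGS_SERVICE in _as_list(stmt.get("Principal", {}).get("Service")):
            return True
    return False


def trust_policy_pins_source_account(doc: dict) -> bool:
    """Audit helper: True when every statement trusting the service also pins aws:SourceAccount."""
    pinned = []
    for stmt in doc.get("Statement", []):
        if FLOW_LOGS_SERVICE in _as_list(stmt.get("Principal", {}).get("Service")):
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            pinned.append("aws:SourceAccount" in cond)
    return bool(pinned) and all(pinned)


def enable_vpc_flow_logs(iam, ec2, account_id: str, region: str, vpc_id: str,
                         role_name: str = "vpc-flow-logs-to-cloudwatch") -> dict:
    """Create the role and turn on flow logs for ALL traffic on one VPC.
    iam/ec2 are boto3 clients (boto3.client('iam'), boto3.client('ec2')) injected by the caller.
    Note: IAM is eventually consistent; a fresh role may need a short wait before EC2 accepts it."""
    role = iam.create_role(
        RoleName=role_name,
        AssumeRolePolicyDocument=json.dumps(build_trust_policy(account_id, region)),
        Description="Lets VPC Flow Logs write to CloudWatch Logs",
    )
    iam.put_role_policy(
        RoleName=role_name,
        PolicyName="vpc-flow-logs-cloudwatch",
        PolicyDocument=json.dumps(build_permissions_policy(account_id, region)),
    )
    return ec2.create_flow_logs(
        ResourceType="VPC",
        ResourceIds=[vpc_id],
        TrafficType="ALL",  # capture accepted and rejected traffic in and out
        LogDestinationType="cloud-watch-logs",
        LogGroupName=LOG_GROUP_NAME,
        DeliverLogsPermissionArn=role["Role"]["Arn"],
        MaxAggregationInterval=60,
    )
```

Running the two audit helpers over the trust policies of existing roles is a cheap way to find flow logs that were set up with a role that trusts ec2.amazonaws.com or lacks the source-account condition.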

Paris Nakita Kejser
DevOps Engineer, Software Architect and Software Developer

DevOps Engineer, Software Architect, Software Developer, Data Scientist; I identify as a non-binary person.