Analyze AWS Traffic with VPC Flow Logs



Hi,

In this post of devOpsJourney, you will see how to set up VPC Flow Logs in AWS.

Nowadays, with the increase in user traffic, many organizations collect and analyze network logs to troubleshoot connectivity and security issues.

Storing and analyzing network logs in AWS is now easy with VPC Flow Logs.

We can store the logs, create filters on top of them, and send alerts when certain traffic is identified.

How do we set up VPC Flow Logs? We'll go step by step.

Step 1: Go to IAM and create a role named "flowlogsRole" for CloudWatch with the following policy document. This role allows VPC Flow Logs to create a log stream under a log group in AWS CloudWatch.

[Screenshot: IAM policy document for the flowlogsRole role]

Step 2: Go to the AWS VPC console. Select your VPC and click on "Create Flow Log".

[Screenshot: the "Create Flow Log" button in the VPC console]

Step 3: Enter the following information. After the flow log is created, it takes approximately 10-15 minutes for the log stream to appear.

[Screenshot: the "Create Flow Log" form with filter, role and destination log group]

Step 4: In order to test, create an EC2 instance in the same VPC and install a web server (httpd) with a static web page on it. Note down its private IP.
[Screenshot: EC2 instance details showing its private IP]

Step 5: Try hitting the public IP of the instance in a browser.

[Screenshot: the static web page served by the instance, opened via its public IP]

Step 6: Go to AWS CloudWatch. Click on Logs in the left menu, then click on the log group you created.

[Screenshot: the flow log group in CloudWatch Logs]

Step 7: Click on the log stream. You will see the log stream of VPC Flow Log records. Find the private IP of your instance in it.

[Screenshot: VPC Flow Log records in the CloudWatch log stream]
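To see what the records in that log stream contain, and how the filter-and-alert idea from the introduction looks in practice, here is an added example (not code from the original post). It parses default-format flow log lines, picks out the records that involve the instance's private IP (step 7), and flags connections toward the instance that were rejected. The sample lines, account ID, ENI ID and addresses are constructed for illustration.

```python
# Field order of the default (version 2) VPC Flow Log record, as documented by AWS.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample records: a web request to the instance and its reply,
# a rejected SSH attempt, and a NODATA record (no traffic in the window).
SAMPLE_LOG = """\
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.10 172.31.16.139 51234 80 6 10 1500 1418530010 1418530070 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 172.31.16.139 203.0.113.10 80 51234 6 8 4200 1418530010 1418530070 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.7 172.31.16.139 40000 22 6 3 180 1418530100 1418530160 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 - - - - - - - 1418530100 1418530160 - NODATA
"""


def parse_record(line):
    """Split one flow log line into a dict; numeric fields become ints."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    # NODATA / SKIPDATA records carry "-" in the traffic fields; leave those as strings.
    if rec["log_status"] == "OK":
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
    return rec


def parse_log(text):
    """Parse every non-empty line of a log stream export."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def flows_for_host(records, host_ip):
    """Step 7 of the post: every record where the instance's private IP appears."""
    return [r for r in records if host_ip in (r["srcaddr"], r["dstaddr"])]


def rejected_inbound(records, host_ip, port=None):
    """Simple alert rule: traffic toward host_ip that a security group or NACL rejected."""
    return [r for r in records
            if r["log_status"] == "OK" and r["action"] == "REJECT"
            and r["dstaddr"] == host_ip and (port is None or r["dstport"] == port)]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in rejected_inbound(recs, "172.31.16.139"):
        print(f"REJECT {r['srcaddr']}:{r['srcport']} -> {r['dstaddr']}:{r['dstport']} proto {r['protocol']}")
```

The same rule can be expressed as a CloudWatch Logs metric filter on the log group so that an alarm fires instead of a script running.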


In this way, we can set up VPC Flow Logs easily and analyze the network logs.

That was all for this post. Let us know if you have any questions, suggestions or feedback. We'll surely look into them.




Thanks.

— Dushyant Mehta