Ensure VPC flow logging is enabled in all VPCs

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. After you ve created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs. It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

Risk Level: Low
Cloud Entity: Amazon VPC
CloudGuard Rule ID: D9.TF.AWS.LOG.09
Covered by Spectral: No
Category: Compute


aws_flow_log should have (traffic_type= ALL  and vpc_id)


Perform the following to determine if VPC Flow logs is enabled Via the Management Console 1. Sign into the management console 2. Select Services then VPC 3. In the left navigation pane, select Your VPCs 4. Select a VPC 5. In the right pane, select the Flow Logs tab. 6. If no Flow Log exists, click Create Flow Log 7. For Filter, select Reject 8. Enter in a Role and Destination Log Group 9. Click Create Log Flow 10. Click on CloudWatch Logs Group

Amazon VPC

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

Compliance Frameworks

  • Terraform AWS CIS Foundations