{"id":948,"date":"2017-12-18T00:08:04","date_gmt":"2017-12-18T00:08:04","guid":{"rendered":"http:\/\/wiki.thomasandsofia.com\/?p=948"},"modified":"2017-12-18T00:08:04","modified_gmt":"2017-12-18T00:08:04","slug":"vpc-flow-logs","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=948","title":{"rendered":"VPC Flow Logs"},"content":{"rendered":"<h2>VPC Flow Logs<\/h2>\n<ul>\n<li>VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.<\/li>\n<li>Flow log data is stored using Amazon CloudWatch Logs.\u00a0 After you&#8217;ve created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.<\/li>\n<li>Flow Logs can be created at the following levels\n<ul>\n<li>VPC &#8211; Captures all data flowing in and out of the VPC<\/li>\n<li>Subnet &#8211; Captures all data flowing in and out of the Subnet<\/li>\n<li>Network Interface &#8211; for specific instances<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>To Create a Flow Log<\/h3>\n<ul>\n<li>VPC &gt; Select VPC &gt; Actions &gt; Create Flow Log<\/li>\n<li>Filter:\n<ul>\n<li>All (Log all traffic)<\/li>\n<li>Accept (Log only accepted traffic)<\/li>\n<li>Reject (Log only rejected traffic)<\/li>\n<\/ul>\n<\/li>\n<li>Role\n<ul>\n<li>Requires an IAM role to access CloudWatch.\u00a0 This can be created at this time.<\/li>\n<li>Destination Log Group\n<ul>\n<li>This needs to be set up in CloudWatch.\n<ul>\n<li>CloudWatch &gt; Logs &gt; Actions &gt; Create log group &gt; &#8220;MyVPCFlowLog&#8221;<\/li>\n<\/ul>\n<\/li>\n<li>Select the log you just created.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Viewing the log<\/h3>\n<ul>\n<li>CloudWatch &gt; Logs &gt; Click LogFileName.<\/li>\n<li>Logs can be streamed to Lambda, which can filter and take action\n<ul>\n<li>Block malicious traffic?<\/li>\n<\/ul>\n<\/li>\n<li>Data can be exported to S3<\/li>\n<li>Data can be streamed to Elasticsearch 
Service<\/li>\n<\/ul>\n<h2>Exam Tips<\/h2>\n<ul>\n<li>You cannot enable Flow Logs for VPCs that are peered with your VPC unless the peer VPC is in your account.<\/li>\n<li>You cannot tag a flow log.<\/li>\n<li>After you&#8217;ve created a flow log, you cannot change its configuration &#8211; for example, you cannot associate a different IAM role with a flow log.<\/li>\n<li>Not all traffic is monitored. The following is not logged:\n<ul>\n<li>Traffic to and from Amazon DNS services.<\/li>\n<li>Traffic generated by a Windows instance for Amazon Windows license activation.<\/li>\n<li>Traffic to and from 169.254.169.254 for instance metadata<\/li>\n<li>DHCP traffic<\/li>\n<li>Traffic to the reserved IP address for the default VPC router.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>VPC Flow Logs VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs.\u00a0 After you&#8217;ve created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs. 
Flow ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=948\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-948","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/948","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=948"}],"version-history":[{"count":1,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/948\/revisions"}],"predecessor-version":[{"id":949,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/948\/revisions\/949"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=948"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=948"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=948"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}