Working With VPC Flowlogs
We need flow logs to capture ingress and egress traffic to and from our VPC. With flow logs we capture network traffic records in either CloudWatch Logs or an S3 bucket.
Let’s set up flow logs that deliver to CloudWatch Logs.
- Go to CloudWatch from the service menu > Logs > Create Log Group
- Input a name and create it
- Go to VPC > Your VPCs > select MyFirstVPC > Actions > Create flow log
- Since VPC flow logs will write to CloudWatch Logs, we need to Set Up Permissions first (this creates the IAM role the flow log service assumes to publish records)
- Click Allow
- Now go back to the previous tab and select the Destination log group we created in CloudWatch Logs
- For IAM role, first click the refresh button and then select the IAM role
- Click Create
- Once the flow logs are in place, try to ping the public EC2 instance from your local machine (you might need to allow ICMP in the security group; until you do, the flow log records the attempts with a REJECT action)
- Now go to CloudWatch > Logs > select FlowLogs
- Here’s your log stream (one per network interface)
- And here are your VPC network flow logs
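To make sense of the records in that log stream, here is an added example (not part of the original tutorial) that parses default-format VPC flow log lines and summarises the ICMP traffic produced by the ping test, including the REJECT entries you see before ICMP is allowed in the security group. The sample lines, account ID, interface ID and addresses are constructed placeholders, not real captures.

```python
"""Parse default-format VPC flow log records (as delivered to CloudWatch Logs)
and summarise the ICMP flows generated by the ping test.
Sample records below are constructed for this example, not real captures."""
from collections import Counter

# Field order of the default (version 2) flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample log lines: account, interface ID and addresses are placeholders.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 0 0 1 4 336 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 203.0.113.10 0 0 1 4 336 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 0 0 1 2 168 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 44321 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_flow_logs(text):
    """Return one dict per record, skipping NODATA/SKIPDATA lines that carry no flow."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line; not the default layout
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records have '-' in the traffic fields
        for key in ("protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records

def icmp_summary(records):
    """Count ICMP (IANA protocol number 1) flows per (source address, action) pair.
    A REJECT here is what the security group shows before ICMP is allowed."""
    return Counter((r["srcaddr"], r["action"]) for r in records if r["protocol"] == 1)

if __name__ == "__main__":
    for (src, action), n in icmp_summary(parse_flow_logs(SAMPLE_LOG)).items():
        print(f"{src:<15} {action:<7} {n} ICMP flow(s)")
```

The same parser works on lines exported from the CloudWatch console or via `aws logs filter-log-events`, as long as the flow log uses the default format.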