Create AWS VPC Flow Log
With Virtual Private Cloud (VPC) Flow Logs, you can capture information about the IP traffic going to and from network interfaces in your VPC.
You can create flow logs through the AWS Management Console, as described below.
- Sign in to the AWS console.
- In the Find Service text box, enter and select CloudWatch.
- Open the Log groups page and click Create log group. The Create log group window appears.
- In the Create Group Name field, enter a group name and click Create log group. Set the Retention setting to 1 day: VMware Aria Operations for Networks does not retrieve data older than one day, and a 1-day retention keeps CloudWatch storage costs down.
- In the left navigation pane, click Service, and then enter and select VPC.
- In the VPC Dashboard page, click Your VPCs.
- Select the VPC that you want to modify, and choose Create flow log.
- In the Create flow log window, configure the flow log:
  - Filter: select one of Accept, Reject, or All.
  - Destination: select Send to CloudWatch Logs.
  - Destination log group: select the log group you created.
- Click Set Up Permissions. The system opens the VPC Flow Logs is requesting permission to use resources in your account page.
- Create an IAM role:
  - In the VPC Flow Logs is requesting permission to use resources in your account page, under IAM Role, select Create a new IAM Role.
  - In the Role Name text box, enter a role name.
  - Click Allow.
- On the Create flow log page, in the IAM role drop-down, select the role you created.
- Click Create.
The flow log starts publishing to the selected log group.
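The same procedure can be scripted with the AWS CLI, which is useful when you need to repeat it across several VPCs or want to review the IAM policies before anything is created. The script below is an added example and is not part of this page or of the VMware Aria Operations for Networks product; it assumes the AWS CLI is installed and credentialed, and the LOG_GROUP, ROLE_NAME and VPC_ID values are placeholders you must replace. Unlike the console wizard, it scopes the role's permissions to the one log group and restricts the trust policy to your own account.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): AWS CLI equivalent of the
# console steps above. All names below are placeholders, not real resources.
set -euo pipefail

LOG_GROUP="${LOG_GROUP:-vpc-flow-logs}"            # placeholder log group name
ROLE_NAME="${ROLE_NAME:-vpc-flow-logs-role}"       # placeholder role name
VPC_ID="${VPC_ID:-vpc-0123456789abcdef0}"          # placeholder VPC ID (constructed)
REGION="${AWS_REGION:-us-east-1}"
TRAFFIC_TYPE="${TRAFFIC_TYPE:-ALL}"                # the console's Filter: ACCEPT, REJECT or ALL

# The API accepts exactly the three filter values the console offers.
valid_traffic_type() {
  case "$1" in
    ACCEPT|REJECT|ALL) return 0 ;;
    *) return 1 ;;
  esac
}

# Trust policy: only the VPC Flow Logs service may assume the role, and only
# when acting for this account (aws:SourceAccount blocks confused-deputy use).
trust_policy() {
  local account_id="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "vpc-flow-logs.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"aws:SourceAccount": "${account_id}"}}
  }]
}
EOF
}

# Permissions policy: write access limited to the one log group.
# DescribeLogGroups does not support resource-level scoping, so it stays on "*".
permissions_policy() {
  local region="$1" account_id="$2" log_group="$3"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams"],
      "Resource": "arn:aws:logs:${region}:${account_id}:log-group:${log_group}:*"
    },
    {
      "Effect": "Allow",
      "Action": ["logs:DescribeLogGroups"],
      "Resource": "*"
    }
  ]
}
EOF
}

create_flow_log() {
  valid_traffic_type "$TRAFFIC_TYPE" || { echo "TRAFFIC_TYPE must be ACCEPT, REJECT or ALL" >&2; return 1; }
  local account_id role_arn
  account_id="$(aws sts get-caller-identity --query Account --output text)"

  # Log group with 1-day retention (the console's Retention setting).
  aws logs create-log-group --region "$REGION" --log-group-name "$LOG_GROUP"
  aws logs put-retention-policy --region "$REGION" --log-group-name "$LOG_GROUP" --retention-in-days 1

  # IAM role the flow log publishes with (the console's Set Up Permissions step).
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy "$account_id")"
  aws iam put-role-policy --role-name "$ROLE_NAME" --policy-name flow-logs-to-cloudwatch \
    --policy-document "$(permissions_policy "$REGION" "$account_id" "$LOG_GROUP")"
  role_arn="$(aws iam get-role --role-name "$ROLE_NAME" --query Role.Arn --output text)"

  # The flow log itself, sent to the CloudWatch log group.
  aws ec2 create-flow-logs --region "$REGION" \
    --resource-type VPC --resource-ids "$VPC_ID" \
    --traffic-type "$TRAFFIC_TYPE" \
    --log-destination-type cloud-watch-logs \
    --log-group-name "$LOG_GROUP" \
    --deliver-logs-permission-arn "$role_arn"
}

# Nothing is created unless APPLY=1 is set, so the policy documents can be
# inspected first with: trust_policy 123456789012 ; permissions_policy ...
if [ "${APPLY:-0}" = "1" ]; then
  create_flow_log
fi
```

IAM role changes propagate with a short delay; if create-flow-logs reports that the role cannot be assumed right after the role was created, retry after a few seconds rather than widening the trust policy. Keep the retention at 1 day only if nothing other than VMware Aria Operations for Networks consumes the group; an incident-response workflow that needs older flow data should keep a longer-retained copy elsewhere.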
For more information about VPC Flow Logs, see the AWS documentation at https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#create-flow-log.