VPC flow logs

This section of the SysOps Administrator - Associate learning path introduces you to the different monitoring and reporting services and tools that are relevant to the SOA-C02 exam. We look at both the monitoring of your infrastructure, in addition to the reporting of your bills.

Learning Objectives

  • Understand how Amazon CloudWatch is used to monitor the performance of your infrastructure
  • Learn how to identify anomalies in your infrastructure using Amazon CloudWatch
  • Learn how Amazon EventBridge makes it easier to build event-driven applications at scale
  • Learn about the different methods of logging that are available
  • Understand how to review your costs and optimize them going forward

Hi and welcome to this lecture.

In this lecture, we'll talk about VPC flow logs. We will have a quick overview of what flow logs are, and then we will go to the AWS Console and learn how to enable VPC flow logs.

So, VPC flow logs enable you to capture information about the IP traffic going to and from network interfaces in your VPC. It is a way to log the packets that are passing through your VPC. So if any request to an instance inside your VPC was denied or accepted, we will know about that particular request. It is great for troubleshooting and security purposes because you can check, for example, whether your security groups or network ACLs are working as expected. You can check whether an internal firewall is working as expected. And you can also check whether there is some suspicious or malicious traffic coming to your VPC.

The logs are going to be stored in CloudWatch Logs. You can then use, for example, the AWS CLI or one of the SDKs to consume those logs, feed them into an application, and do all sorts of things with them through the AWS API. Let's go to the AWS Console and learn how to enable VPC flow logs.

So here on the AWS Console, let's click on VPC. And here in the VPC Console, we want to select Your VPCs. So, I'll click in here and select our Pizza Time VPC. Go to Actions, and select Create Flow Log. In here, we can set a filter for the packets that we are going to monitor. In this case, I will use All. And we need an IAM Role. This IAM Role needs to have access to CloudWatch Logs. Since I don't have any specific role for that, I will click in here on Set Up Permissions, and we can very quickly create a new IAM Role. So, I will call it vpc flow logs role, and I will click on Allow.

And very quickly, we have a new IAM Role configured. So, we can go back in here and select our vpc flow logs role. In here, we also need to specify a Destination Log Group inside CloudWatch Logs. If you don't have one already, you can specify a name and this wizard will create a new log group for us. So, I'll call it pizza time vpc logs, and simply click on Create Flow Log.

Now if you take a look in here, we can see that we have a new VPC flow log configured and active. So, we can start sending requests to the instance, and later on, check the results in CloudWatch Logs. I will stop the video, make a few requests to my EC2 instances, and then I will get back, just to show you the results in the CloudWatch Logs Console.

So, I did a few requests to our Pizza Time application. And now, we can check the results on the CloudWatch Logs page. We have two ways of checking the logs. We could simply go in here to Services, access the CloudWatch service, go to Logs, select the Log Group and see the logs. So, Logs, then the pizza time vpc logs. Or, we can simply select our VPC in here, go to Flow Logs, and click on the VPC Flow Logs. It's the same page, so no matter which path you choose, you end up in the same place.

And in here, we have a log stream for each network interface inside our VPC. If you take a closer look inside those log streams, we can see that a few requests have been made. We see the results in here, along with some other information about the request itself.
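As an added example (not part of the lecture), here is a small Python parser for the default flow log record format, run over a few constructed log lines, that performs the two checks mentioned above: counting REJECT records per network interface to confirm that security groups and network ACLs are blocking what you expect, and flagging ACCEPTed traffic to destination ports outside an allow-list. The sample records, account id, interface ids and the allow-list are all assumptions made for the example.

```python
from collections import Counter

# Constructed sample records in the default VPC flow log format (version 2):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
#   packets bytes start end action log-status
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.20 41532 80 6 12 3480 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.20 41533 80 6 9 2100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 55012 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 55013 22 6 1 44 1700000010 1700000070 REJECT OK
2 123456789012 eni-0f9e8d7c 198.51.100.7 10.0.1.30 55014 3389 6 1 40 1700000010 1700000070 REJECT OK
2 123456789012 eni-0f9e8d7c 10.0.1.20 10.0.1.30 52000 8080 6 4 600 1700000010 1700000070 ACCEPT OK
2 123456789012 eni-0f9e8d7c - - - - - - - 1700000010 1700000070 - NODATA
"""

FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]


def parse_flow_log(text):
    """Parse default-format records, dropping NODATA/SKIPDATA records (their traffic fields are '-')."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rejects_by_interface(records):
    """REJECT count per ENI: confirms the security group / NACL on that interface is blocking traffic."""
    return Counter(r["interface_id"] for r in records if r["action"] == "REJECT")


def unexpected_accepts(records, allowed_ports):
    """ACCEPTed flows to destination ports outside the allow-list: the 'suspicious traffic' check."""
    return [r for r in records
            if r["action"] == "ACCEPT" and r["dstport"] not in allowed_ports]


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(rejects_by_interface(recs))
    for r in unexpected_accepts(recs, {80, 443}):  # assumed allow-list for a web app
        print("unexpected:", r["srcaddr"], "->", r["dstaddr"], "port", r["dstport"])
```

Each CloudWatch log stream holds the records for one network interface, so the per-ENI counter above maps directly onto the stream names you see in the console.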

About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.