VPC flow logging should be enabled
AWS VPC Flow Logs record metadata about the IP traffic that passes through the network interfaces in a VPC (source and destination addresses, ports, protocol, packet and byte counts, and whether each flow was accepted or rejected by security groups and network ACLs). They do not capture packet payloads, and some traffic is never logged (for example traffic to the instance metadata service at 169.254.169.254, DHCP, and queries to the Amazon DNS resolver). With flow logs enabled, rejected connections, port scans, and unexpected egress can be detected, and the traffic to and from a host can be reconstructed during incident response; without them, that evidence does not exist. Flow logs can be created at the VPC, subnet, or network interface level; a VPC-level log covers every interface in the VPC and is what this check requires.
Console Remediation Steps
Navigate to VPC.
Select the desired VPC and select the Flow Logs tab.
Click the Create flow log button.
From the Filter drop-down, select Reject (selecting All also records accepted traffic, at a correspondingly higher log volume).
Select Send to CloudWatch Logs.
In Destination log group, enter a name or select an existing log group.
For IAM role, select a role that the vpc-flow-logs.amazonaws.com service principal is trusted to assume and that grants logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents, logs:DescribeLogGroups and logs:DescribeLogStreams on the destination log group.
CLI Remediation Steps
To enable VPC flow logging, replace [resourceIDs] with one or more VPC IDs, and the log group name and role ARN with your own. Note that --traffic-type ALL records accepted as well as rejected traffic, whereas the console steps above filter to rejected traffic only; either satisfies this check, but ALL gives the fuller picture for investigations:

```shell
aws ec2 create-flow-logs --resource-type VPC --resource-ids [resourceIDs] --traffic-type ALL --log-group-name my-flow-logs --deliver-logs-permission-arn arn:aws:iam::123456789101:role/publishFlowLogs
```
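The console and CLI steps above fix one VPC at a time. The script below, an added example rather than code from the original page, does the check and the remediation for every VPC in a region: it lists the VPCs, lists the resource IDs that already have an ACTIVE flow log, and runs the same create-flow-logs call on the difference. It assumes a configured AWS CLI, and the log group name and role ARN are placeholders (taken from the command above) to replace with your own; the compliance check itself is a pure function so it can be exercised without touching an account.

```shell
#!/bin/sh
# Added example (not from the original page): audit every VPC in one region
# and create a CloudWatch-backed flow log on each VPC that has no ACTIVE one.
# Assumptions: AWS CLI is configured; LOG_GROUP and ROLE_ARN below are
# placeholders to replace with your own values.
set -eu

REGION="${AWS_REGION:-us-east-1}"
LOG_GROUP="${FLOW_LOG_GROUP:-my-flow-logs}"
ROLE_ARN="${FLOW_LOG_ROLE_ARN:-arn:aws:iam::123456789101:role/publishFlowLogs}"

# Pure set difference, so the compliance check is testable offline:
# prints every id in $1 (whitespace separated) that is absent from $2.
missing_vpcs() {
  all="$1"
  logged="$2"
  for v in $all; do
    case " $logged " in
      *" $v "*) ;;                       # already covered by an ACTIVE flow log
      *) printf '%s\n' "$v" ;;
    esac
  done
}

# All VPC ids in the region, tab separated on one line.
list_vpcs() {
  aws ec2 describe-vpcs --region "$REGION" \
    --query 'Vpcs[].VpcId' --output text
}

# ResourceIds of ACTIVE flow logs. Subnet- or ENI-level logs report subnet/eni
# ids, which never match a VPC id, so only VPC-level logs count as coverage.
list_logged_vpcs() {
  aws ec2 describe-flow-logs --region "$REGION" \
    --query "FlowLogs[?FlowLogStatus=='ACTIVE'].ResourceId" --output text
}

# Same call as the CLI remediation above, with ALL so accepted traffic is
# captured as well as rejected. The API returns HTTP 200 even when a resource
# fails, so the Unsuccessful list is checked explicitly.
enable_flow_log() {
  vpc="$1"
  failed=$(aws ec2 create-flow-logs --region "$REGION" \
    --resource-type VPC --resource-ids "$vpc" \
    --traffic-type ALL \
    --log-destination-type cloud-watch-logs \
    --log-group-name "$LOG_GROUP" \
    --deliver-logs-permission-arn "$ROLE_ARN" \
    --query 'Unsuccessful[].Error.Message' --output text)
  if [ -n "$failed" ]; then
    echo "flow log creation failed for $vpc: $failed" >&2
    return 1
  fi
  echo "enabled flow log on $vpc"
}

main() {
  missing=$(missing_vpcs "$(list_vpcs)" "$(list_logged_vpcs)")
  if [ -z "$missing" ]; then
    echo "all VPCs in $REGION already have an ACTIVE flow log"
    return 0
  fi
  for vpc in $missing; do
    enable_flow_log "$vpc"
  done
}

# Only touch the account when explicitly asked, so the script can be sourced
# or reviewed safely:  ./enable-flow-logs.sh --apply
if [ "${1:-}" = "--apply" ]; then
  main
fi
```

Flow logs are regional, so run the script once per region (the region list comes from `aws ec2 describe-regions`). The role named in ROLE_ARN must already exist with the trust policy and log permissions described in the console steps; if it does not, every VPC will appear in the Unsuccessful list and the script stops at the first failure.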