AWS Config Rule: VPC Flow Logs Enabled


Fernando Honig

Last Update 1 month ago

Description: Checks whether Amazon Virtual Private Cloud flow logs are found and enabled for Amazon VPC.

Trigger type: Periodic

AWS Region: All supported AWS regions except Israel (Tel Aviv) Region

How to Resolve Manually

To resolve this manually, you will need to enable flow logs in the VPC Dashboard and also create a destination for them. This could be an S3 bucket, but it may be simpler to use CloudWatch Logs for this solution.

Once you have selected your desired VPC within the VPC Dashboard, click Create Flow Log.

You will need to assign a Name to your flow log, choose a CloudWatch Logs destination log group (this must be created before this step) and also ensure you have an IAM role ready to use, which will need permission to publish to that CloudWatch log group.

Once these values have been submitted, you will be able to review your newly created flow log in the Flow Logs tab of your VPC and confirm that its status shows it is working as expected.
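The manual procedure above has three moving parts (a log group, an IAM role the flow-logs service can assume with permission to publish to that group, and the flow log itself), plus the check the Config rule performs. The following is an added example, not StackZone's or AWS's own code: it builds the two IAM policy documents, evaluates which VPCs would be flagged using the same shape of data that `describe-flow-logs` returns, and wraps the live creation steps in a boto3 call. The role name, log group name and the sample VPC and flow-log records are constructed for illustration; the assumption that only an ACTIVE flow log attached directly to the VPC (not a subnet- or ENI-level one) satisfies the rule is the example's, not stated on this page.

```python
"""Added example (not StackZone's or AWS's code): policy documents, compliance check
and live creation helper for the VPC Flow Logs procedure described above."""
import json

# Service principal that delivers VPC flow logs to CloudWatch Logs.
FLOW_LOGS_SERVICE = "vpc-flow-logs.amazonaws.com"


def trust_policy() -> dict:
    """Trust policy letting the VPC Flow Logs service assume the delivery role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": FLOW_LOGS_SERVICE},
            "Action": "sts:AssumeRole",
        }],
    }


def log_delivery_policy(log_group_arn: str) -> dict:
    """Permissions scoped to one log group: write to it and its streams only.
    describe-log-groups returns ARNs ending in ':*'; strip that so the resource
    list is the group ARN plus a wildcard for its log streams."""
    base = log_group_arn[:-2] if log_group_arn.endswith(":*") else log_group_arn
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["logs:CreateLogStream", "logs:PutLogEvents",
                           "logs:DescribeLogStreams"],
                "Resource": [base, base + ":*"],
            },
            {  # DescribeLogGroups is not resource-scoped, so it needs '*'
                "Effect": "Allow",
                "Action": "logs:DescribeLogGroups",
                "Resource": "*",
            },
        ],
    }


def noncompliant_vpcs(vpcs: list, flow_logs: list) -> list:
    """Assumed reading of the rule: a VPC is compliant only if an ACTIVE flow log
    has the VPC itself as ResourceId. Subnet- or ENI-level logs do not count."""
    covered = {
        fl["ResourceId"] for fl in flow_logs
        if fl.get("FlowLogStatus") == "ACTIVE" and fl["ResourceId"].startswith("vpc-")
    }
    return sorted(v["VpcId"] for v in vpcs if v["VpcId"] not in covered)


# Constructed sample data in the shape of describe-vpcs / describe-flow-logs output.
SAMPLE_VPCS = [{"VpcId": "vpc-0aaa"}, {"VpcId": "vpc-0bbb"}, {"VpcId": "vpc-0ccc"}]
SAMPLE_FLOW_LOGS = [
    {"FlowLogId": "fl-001", "ResourceId": "vpc-0aaa", "FlowLogStatus": "ACTIVE",
     "TrafficType": "ALL", "LogDestinationType": "cloud-watch-logs"},
    # vpc-0bbb only has a subnet-level log, so it is still flagged
    {"FlowLogId": "fl-002", "ResourceId": "subnet-0bbb1", "FlowLogStatus": "ACTIVE",
     "TrafficType": "ALL", "LogDestinationType": "cloud-watch-logs"},
]


def enable_flow_log(vpc_id: str, log_group_name: str, role_name: str, region: str) -> list:
    """Live version of the manual steps (needs AWS credentials; assumed names).
    Returns the FlowLogIds created."""
    import boto3  # imported lazily so the offline checks above run without it
    logs = boto3.client("logs", region_name=region)
    iam = boto3.client("iam", region_name=region)
    ec2 = boto3.client("ec2", region_name=region)
    logs.create_log_group(logGroupName=log_group_name)          # destination first
    lg_arn = logs.describe_log_groups(
        logGroupNamePrefix=log_group_name)["logGroups"][0]["arn"]
    role_arn = iam.create_role(RoleName=role_name,
                               AssumeRolePolicyDocument=json.dumps(trust_policy()))["Role"]["Arn"]
    iam.put_role_policy(RoleName=role_name, PolicyName="vpc-flow-logs-delivery",
                        PolicyDocument=json.dumps(log_delivery_policy(lg_arn)))
    resp = ec2.create_flow_logs(ResourceIds=[vpc_id], ResourceType="VPC",
                                TrafficType="ALL", LogDestinationType="cloud-watch-logs",
                                LogGroupName=log_group_name,
                                DeliverLogsPermissionArn=role_arn)
    return resp["FlowLogIds"]


if __name__ == "__main__":
    print("would be flagged:", noncompliant_vpcs(SAMPLE_VPCS, SAMPLE_FLOW_LOGS))
    print(json.dumps(log_delivery_policy(
        "arn:aws:logs:eu-west-1:123456789012:log-group:vpc-flow-logs-example:*"), indent=2))
```

Two practical caveats when running the live helper: IAM is eventually consistent, so `create_flow_logs` can reject a just-created role for a few seconds (retry rather than widen the policy), and the check only reports VPCs with no VPC-level ACTIVE flow log; a flow log whose delivery role lacks the permissions above will show a delivery error on the Flow Logs tab even though it exists.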

How to Resolve with StackZone

You can resolve this with StackZone by enabling the VPC FlowLogs Enabled Remediation.

Go to Baseline Services > Config Rules Global > VPC > Remediation and enable VPC FlowLogs Remediation.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our "how it works" section with easy-to-follow videos, or just create your own StackZone account.
