AWS Config Rule: VPC Flow Logs Enabled

VPC_FLOW_LOGS_ENABLED

Fernando Honig

Last Update 10 months ago

Description: Checks whether Amazon Virtual Private Cloud flow logs are found and enabled for Amazon VPC.


Trigger type: Periodic


AWS Region: All supported AWS regions


How to Resolve Manually

To resolve this manually, you will need to enable flow logs for the VPC in the VPC Dashboard and also create a destination for them. This could be an S3 bucket, but it may be simpler to use CloudWatch Logs for this solution.


Once you have selected your desired VPC within the VPC Dashboard, click Create Flow Log.


You will need to assign a Name to your flow log, choose a CloudWatch Logs destination log group (this must be created before this step) and also ensure you have an IAM role ready to use, which will need permission to publish to that CloudWatch log group.


Once these values have been submitted, you will be able to review the newly created flow log in the Flow Logs tab of your VPC and confirm its status is as expected.
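The same check and remediation as the steps above, expressed in code as an added example (this is not StackZone's or AWS's own code). It assumes the rule treats a VPC as compliant only when it has a flow log whose FlowLogStatus is ACTIVE, and the VPC ids, log group name and role ARN below are constructed sample values; the ec2 argument to remediate is a boto3 EC2 client supplied by the caller, so the module itself runs offline.

```python
"""Added example: evaluate VPC_FLOW_LOGS_ENABLED over EC2 API data and build the remediation."""

# Constructed sample data, shaped like the EC2 describe_vpcs / describe_flow_logs responses.
SAMPLE_VPCS = [{"VpcId": "vpc-0aaa"}, {"VpcId": "vpc-0bbb"}, {"VpcId": "vpc-0ccc"}]
SAMPLE_FLOW_LOGS = [
    {"ResourceId": "vpc-0aaa", "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
    # A flow log record exists here but is not delivering, so this VPC is still not covered.
    {"ResourceId": "vpc-0bbb", "FlowLogStatus": "INACTIVE", "TrafficType": "ALL"},
]


def evaluate(vpcs, flow_logs):
    """Map each VPC id to COMPLIANT or NON_COMPLIANT; only an ACTIVE flow log counts (assumption)."""
    covered = {fl["ResourceId"] for fl in flow_logs if fl.get("FlowLogStatus") == "ACTIVE"}
    return {v["VpcId"]: "COMPLIANT" if v["VpcId"] in covered else "NON_COMPLIANT" for v in vpcs}


def delivery_role_policies(log_group_arn):
    """Trust and permissions documents for the IAM role that publishes to the log group.

    log_group_arn is the group ARN without the trailing ':*'; the stream ARN is derived from it.
    """
    trust = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
             "Principal": {"Service": "vpc-flow-logs.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
    permissions = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
                   "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents",
                              "logs:DescribeLogGroups", "logs:DescribeLogStreams"],
                   "Resource": [log_group_arn, log_group_arn + ":*"]}]}
    return trust, permissions


def create_flow_logs_args(vpc_ids, log_group_name, role_arn):
    """Keyword arguments for EC2 CreateFlowLogs: all traffic, delivered to CloudWatch Logs."""
    return {
        "ResourceIds": sorted(vpc_ids),
        "ResourceType": "VPC",
        "TrafficType": "ALL",
        "LogDestinationType": "cloud-watch-logs",
        "LogGroupName": log_group_name,
        "DeliverLogsPermissionArn": role_arn,
    }


def remediate(ec2, vpcs, flow_logs, log_group_name, role_arn):
    """Create a flow log for every NON_COMPLIANT VPC; ec2 is a boto3 EC2 client from the caller."""
    missing = [vpc for vpc, state in evaluate(vpcs, flow_logs).items() if state == "NON_COMPLIANT"]
    if not missing:
        return None  # every VPC already has an active flow log
    return ec2.create_flow_logs(**create_flow_logs_args(missing, log_group_name, role_arn))
```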


How to Resolve with StackZone

You can resolve with StackZone by enabling the VPC FlowLogs Enabled Remediation.


Go to Baseline Services > Config Rules Global > VPC > Remediation and enable VPC FlowLogs Remediation.


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our "how it works" section with easy-to-follow videos, or just create your own StackZone account here.
