AWS Config Rule: VPC Flow Logs Enabled
VPC_FLOW_LOGS_ENABLED
Fernando Honig
Last Update 6 months ago
Description: Checks whether Amazon Virtual Private Cloud flow logs are found and enabled for Amazon VPC.
Trigger type: Periodic
AWS Region: All supported AWS regions except Israel (Tel Aviv) Region
How to Resolve Manually
To resolve this manually, you will need to enable flow logs in the VPC Dashboard and also set up a destination for them. This could be an S3 bucket, but it may be simpler to use CloudWatch Logs for this solution.
Once you have selected the desired VPC in the VPC Dashboard, click Create Flow Log.
You will need to assign a Name to the flow log, choose a CloudWatch Logs destination log group (this must be created before this step), and have an IAM role ready to use that has permission to publish to that log group.
Once these values have been submitted, you can review the newly created flow log in the Flow Logs tab of your VPC and confirm that its status is Active.
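As an added illustration (not part of this article or of StackZone's remediation), the following Python shows how the rule's check can be reproduced from `describe-flow-logs` output and what the manual remediation needs: the trust policy for the delivery role, a least-privilege permissions policy for the chosen log group, and the parameters equivalent to the console fields above. The VPC IDs, log group name, role ARN and account number are constructed sample values, and the compliance function assumes a VPC only counts as covered when an ACTIVE flow log targets that VPC itself.

```python
"""Reproduce the VPC_FLOW_LOGS_ENABLED check and build the remediation inputs.
All identifiers below are constructed sample values, not real resources."""
import json

# Constructed sample: two VPCs, only one of which has an active flow log.
SAMPLE_VPCS = ["vpc-0a1b2c3d", "vpc-0e4f5a6b"]
SAMPLE_FLOW_LOGS = [
    {"FlowLogId": "fl-0123", "ResourceId": "vpc-0a1b2c3d",
     "FlowLogStatus": "ACTIVE", "LogDestinationType": "cloud-watch-logs"},
    {"FlowLogId": "fl-0456", "ResourceId": "vpc-0e4f5a6b",
     "FlowLogStatus": "DELETING", "LogDestinationType": "s3"},
]

def evaluate(vpc_ids, flow_logs):
    """Return {vpc_id: "COMPLIANT" | "NON_COMPLIANT"}.
    Assumption: a VPC is covered only by an ACTIVE flow log whose ResourceId
    is the VPC itself; subnet- or ENI-scoped logs do not satisfy the rule."""
    covered = {fl["ResourceId"] for fl in flow_logs
               if fl.get("FlowLogStatus") == "ACTIVE"
               and fl["ResourceId"].startswith("vpc-")}
    return {v: "COMPLIANT" if v in covered else "NON_COMPLIANT" for v in vpc_ids}

def flow_logs_trust_policy():
    """Trust policy that lets the VPC Flow Logs service assume the delivery role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "vpc-flow-logs.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def flow_logs_permissions_policy(log_group_arn):
    """Permissions to publish into one pre-created log group and its streams,
    scoped to that group rather than "*" (an assumption, not the AWS default)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogStream", "logs:PutLogEvents",
                   "logs:DescribeLogGroups", "logs:DescribeLogStreams"],
        "Resource": [log_group_arn, log_group_arn + ":*"]}]}

def create_flow_logs_request(vpc_id, log_group_name, role_arn, traffic_type="ALL"):
    """Keyword arguments for ec2.create_flow_logs, matching the console fields:
    VPC, destination log group, and the IAM role that may publish to it."""
    return {"ResourceType": "VPC", "ResourceIds": [vpc_id],
            "TrafficType": traffic_type,
            "LogDestinationType": "cloud-watch-logs",
            "LogGroupName": log_group_name,
            "DeliverLogsPermissionArn": role_arn}

if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_VPCS, SAMPLE_FLOW_LOGS), indent=2))
```

With credentials present, the evaluate() input comes from `ec2.describe_vpcs()` and `ec2.describe_flow_logs()`, and the request dict can be passed straight to `ec2.create_flow_logs(**request)` for each NON_COMPLIANT VPC.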
How to Resolve with StackZone
You can resolve this with StackZone by enabling the VPC FlowLogs Enabled Remediation.
Go to Baseline Services > Config Rules Global > VPC > Remediation and enable VPC FlowLogs Remediation.
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our How It Works section with easy-to-follow videos, or just create your own StackZone account here.