VPC Flow Logs Should Be Enabled
More Info:
Ensure VPC flow logs are enabledRisk Level
LowAddress
Operational Maturity, Reliability,SecurityCompliance Standards
HIPAA,ISO27001,SEBI,RBI_MD_ITF,RBI_UCB,CBP,GDPRTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of VPC Flow Logs not being enabled for an AWS EC2 instance using the AWS Management Console, follow these steps:
- Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.
- Navigate to VPC Dashboard: From the AWS Management Console, navigate to the VPC service by clicking on “Services” in the top left corner, then selecting “VPC” under the Networking & Content Delivery section.
- Select the VPC: In the VPC Dashboard, locate the VPC where the EC2 instance is running that needs to have VPC Flow Logs enabled. Click on the VPC ID to open the details of the VPC.
- Enable VPC Flow Logs: In the VPC details page, locate the “Flow Logs” tab and click on it.
- Create a Flow Log: Click on the “Create Flow Log” button to create a new flow log for the VPC.
-
Configure Flow Log Settings:
- Filter: Choose the appropriate filter for the flow logs. You can select “All” for all network traffic or specify certain traffic based on your requirements.
- Destination: Choose the destination for the flow logs. You can send the logs to CloudWatch Logs or an S3 bucket. Select the appropriate option and configure the settings accordingly.
- IAM Role: If required, create or select an IAM role that grants necessary permissions for the flow logs.
- Enable the Flow Log: Review the settings and click on the “Create Flow Log” button to enable VPC Flow Logs for the selected VPC.
- Verify Flow Log Status: Once the flow log is created, verify that the status of the flow log is “Active” to ensure that it is successfully enabled.
Using CLI
Using CLI
To remediate the misconfiguration of VPC Flow Logs not being enabled for AWS EC2 using AWS CLI, follow these steps:Replace By following these steps, you can enable VPC Flow Logs for your AWS EC2 instance using AWS CLI.
- Check if VPC Flow Logs are enabled for the VPC where your EC2 instance is located:
- If VPC Flow Logs are not enabled for the VPC, create a new Flow Log for the VPC:
<VPC_ID> with the ID of the VPC where your EC2 instance is located, <LOG_GROUP_NAME> with the name of the CloudWatch Logs group where the flow logs will be stored, and <LOGGING_PERMISSION_ARN> with the ARN of the IAM role that grants permission to publish flow logs to CloudWatch Logs.- Verify that the Flow Logs are created successfully:
Using Python
Using Python
To remediate the misconfiguration of VPC Flow Logs not being enabled for AWS EC2 instances using Python, you can follow these steps:
- Import the necessary libraries:
- Initialize the AWS EC2 client:
- Get a list of all VPCs in the account:
- Enable VPC Flow Logs for each VPC:
- Ensure that the IAM role used has the necessary permissions to create and write to CloudWatch Logs.
-
Replace the IAM role ARN in the
DeliverLogsPermissionArnparameter with the ARN of the IAM role that has permissions to publish logs to CloudWatch Logs. -
Replace the
LogGroupNameparameter with the desired CloudWatch Logs log group name. - Run the Python script to enable VPC Flow Logs for all VPCs in the AWS account.