How to set up VPC Flow Logs to S3


Hello Readers! This blog will show how to set up VPC flow logs to S3 and CloudWatch. Let's see what VPC flow logs are and how to set them up. We can view flow logs through S3, and there are other options such as AWS CloudWatch log groups. Flow logs also play a significant role in debugging traffic flows.

What are VPC Flow logs?

VPC Flow Logs is an agentless log collection mechanism that records information about the IP traffic flowing through the network interfaces in your VPC. We can use these records to analyze and troubleshoot network connectivity within our VPC. For analyzing the VPC flow logs, we have destinations such as S3 and CloudWatch.

Let’s dig more into it!!

Setup VPC Flow logs to S3:

Below is the VPC that I have created for which I want to set up my flow logs. 

Follow this blog for the process of creating your own VPC:

Steps for creation of AWS VPC

On a similar page, we will get an option for flow logs. Click on Create Flow logs:

Provide the information needed to create the flow log. Give it a name of your choice.

Now select the type of traffic you want to capture. I am selecting All here. Apply the filter as per your need.

This is an S3 bucket that I have created for analyzing my VPC flow logs.

Select the destination and fill in your S3 bucket ARN:

We will leave the rest of the options at their defaults, or we can change them as per our requirements. Click on Create flow log.

Our VPC flow logs have been successfully created as we can see below.

Let’s move inside our S3 bucket. You will find a folder inside it in which we can find our VPC flow logs.

The first time, it will take 5-10 minutes to load all the logs into this bucket.

Now I am able to see all my logs inside my S3 bucket, as you can see below:

And if you want to download any of these log files, you can.

The downloaded file should look like this, giving a detailed view of the VPC flow logs:

Following is the format for a VPC flow log:

${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}

And this is my EC2 instance from which I was sending the traffic into my VPC.

So, this is how we can analyze and troubleshoot our connectivity with VPC. This is really helpful to get details of all the traffic that is flowing through this VPC.
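To go from a downloaded log file to an answer, the following added example (not part of the original post) parses records in the format shown above and counts rejected flows per source address and destination port. It assumes the file is gzip-compressed text that may start with a header line; the sample records, addresses and IDs are constructed.

```python
import gzip
import io
from collections import Counter

# Field order of the flow log format shown above.
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

def parse_flow_log(text):
    """Yield one dict per OK record; skip a header line and malformed rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] == "version":
            continue
        rec = dict(zip(FIELDS, parts))
        # NODATA / SKIPDATA records carry "-" in the traffic fields.
        if rec["log-status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        yield rec

def read_gzip(data):
    """Decompress the bytes of a downloaded .log.gz file into text."""
    with gzip.open(io.BytesIO(data), "rt") as fh:
        return fh.read()

def rejected_by_source(records):
    """Count REJECT records per (srcaddr, dstport) pair."""
    return Counter((r["srcaddr"], r["dstport"])
                   for r in records if r["action"] == "REJECT")

# Constructed sample records (documentation address ranges, made-up IDs).
SAMPLE = """version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0abc12345 198.51.100.7 10.0.1.25 44321 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0abc12345 198.51.100.7 10.0.1.25 44322 22 6 2 120 1700000060 1700000120 REJECT OK
2 123456789012 eni-0abc12345 10.0.1.25 203.0.113.9 51514 443 6 12 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc12345 - - - - - - - 1700000120 1700000180 - NODATA
"""

if __name__ == "__main__":
    # Round-trip through gzip to mimic a downloaded file.
    records = list(parse_flow_log(read_gzip(gzip.compress(SAMPLE.encode()))))
    for (src, port), n in rejected_by_source(records).most_common():
        print(f"{src} -> port {port}: {n} rejected flows")
```

Repeated REJECT records from one source to one port usually point at a security group or network ACL rule blocking that traffic, which is the first thing to check when troubleshooting connectivity.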

Conclusion:

Thank you for sticking to the end. In this blog, we have learned how we can set up VPC flow logs to an S3 bucket. This makes our logs very easy to recognize. If you like this blog, please share it and show your appreciation by giving a thumbs-up, and don’t forget to give me suggestions on how I can improve my future posts to suit your needs.

HAPPY LEARNING! 

Written by 

Naincy Kumari is a DevOps Consultant at Knoldus Inc. She is always ready to learn new technologies and tools. She loves painting and dancing.
