
Rule: VPC Flow Logs Should Be Enabled

This rule requires that VPC flow logs be turned on in order to maintain a high level of security in your environment.

Rule: VPC flow logs should be enabled
Framework: CISA-cyber-essentials
Severity: High

Rule Description:

VPC flow logs should be enabled for CISA-cyber-essentials. VPC flow logs capture information about the IP traffic going to and from network interfaces in your VPC. Enabling VPC flow logs provides valuable insights for network monitoring, troubleshooting, and security analysis. It helps in detecting potential security threats, identifying network anomalies, and ensuring compliance with regulatory requirements.

Troubleshooting:

If VPC flow logs are not enabled for CISA-cyber-essentials, you may face difficulties in diagnosing network connectivity issues, investigating security incidents, and meeting compliance obligations.

Code Example:

To enable VPC flow logs for CISA-cyber-essentials, you can use the AWS Command Line Interface (CLI) or AWS Management Console. Here is an example of enabling flow logs using the CLI:

aws ec2 create-flow-logs --resource-ids <your_vpc_id> --resource-type VPC --traffic-type ALL --log-group-name <your_log_group_name> --deliver-logs-permission-arn <your_log_delivery_permission_arn>

Replace <your_vpc_id> with the ID of your VPC, <your_log_group_name> with the desired log group name, and <your_log_delivery_permission_arn> with the ARN of the IAM role that grants permission to deliver logs to the log storage service.

Remediation Steps:

  1. Log in to the AWS Management Console.
  2. Navigate to the Amazon VPC service.
  3. Select the VPC associated with CISA-cyber-essentials.
  4. Under the "Logs" section, click on "Create Flow Log."
  5. Configure the flow log settings:
     • Log Destination: Choose the desired storage service for the flow logs.
     • Log Format: Select the desired log format (e.g., AWS CloudWatch Logs).
     • IAM Role: Choose or create an IAM role with sufficient permissions for the flow log.
  6. Specify the traffic to log:
     • Resource Type: Select "VPC" as the resource type.
     • Resource: Choose the VPC associated with CISA-cyber-essentials.
     • Traffic Type: Select "All" to capture all traffic, or choose specific types as per requirements.
  7. Provide a unique name for the flow log and click on "Create Flow Log."
  8. Verify that the flow log has been successfully created.

Verification:

To verify that VPC flow logs are successfully enabled for CISA-cyber-essentials, follow these steps:

  1. Log in to the AWS Management Console.
  2. Navigate to the Amazon VPC service.
  3. Select the VPC associated with CISA-cyber-essentials.
  4. Under the "Logs" section, verify that a flow log is listed with the specified name.
  5. Ensure that the flow log is delivering logs to the desired log storage service.

Once the verification is complete, the VPC flow logs are successfully enabled for CISA-cyber-essentials, providing enhanced network and security monitoring capabilities.
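The console walk-through above checks one VPC at a time. The following script is an added example, not part of this rule page or Cloud Defense's own tooling, that evaluates the same rule across every VPC in an account from the JSON that `aws ec2 describe-vpcs` and `aws ec2 describe-flow-logs --output json` return. The sample API output embedded below is constructed for the example (VPC IDs, flow log IDs, log group and bucket names are all made up). A VPC passes only when at least one attached flow log is ACTIVE, is not reporting a delivery failure (step 5 of the verification), and, by default, captures ALL traffic; the `require_all_traffic` parameter relaxes that last check for teams that deliberately log only specific traffic types, as the remediation steps allow.

```python
"""Evaluate the 'VPC flow logs should be enabled' rule offline.

The two dictionaries below mirror the shape of `aws ec2 describe-vpcs`
and `aws ec2 describe-flow-logs --output json`. They are constructed
sample data for this example, not output from a real account.
"""
import json

# Constructed sample: four VPCs, one of them the default VPC.
DESCRIBE_VPCS = json.loads("""
{"Vpcs": [
  {"VpcId": "vpc-0aaa111", "IsDefault": true},
  {"VpcId": "vpc-0bbb222", "IsDefault": false},
  {"VpcId": "vpc-0ccc333", "IsDefault": false},
  {"VpcId": "vpc-0ddd444", "IsDefault": false}
]}
""")

# Constructed sample: three flow logs covering three of the four VPCs.
# vpc-0ddd444 has no flow log at all.
DESCRIBE_FLOW_LOGS = json.loads("""
{"FlowLogs": [
  {"FlowLogId": "fl-0001", "ResourceId": "vpc-0aaa111", "TrafficType": "ALL",
   "FlowLogStatus": "ACTIVE", "LogDestinationType": "cloud-watch-logs",
   "LogGroupName": "/vpc/flow-logs", "DeliverLogsStatus": "SUCCESS"},
  {"FlowLogId": "fl-0002", "ResourceId": "vpc-0bbb222", "TrafficType": "REJECT",
   "FlowLogStatus": "ACTIVE", "LogDestinationType": "s3",
   "LogDestination": "arn:aws:s3:::example-flow-logs", "DeliverLogsStatus": "SUCCESS"},
  {"FlowLogId": "fl-0003", "ResourceId": "vpc-0ccc333", "TrafficType": "ALL",
   "FlowLogStatus": "ACTIVE", "LogDestinationType": "cloud-watch-logs",
   "LogGroupName": "/vpc/flow-logs", "DeliverLogsStatus": "FAILED",
   "DeliverLogsErrorMessage": "Access error"}
]}
""")


def flow_logs_by_vpc(flow_logs):
    """Group flow-log records by the resource (VPC) they are attached to."""
    by_vpc = {}
    for fl in flow_logs["FlowLogs"]:
        by_vpc.setdefault(fl["ResourceId"], []).append(fl)
    return by_vpc


def evaluate_vpc(vpc_id, logs, require_all_traffic=True):
    """Return (status, reason) for one VPC.

    PASS when at least one flow log is ACTIVE, is not reporting a delivery
    failure, and (if required) captures ALL traffic. Otherwise FAIL, with a
    reason per flow log explaining which verification step does not hold.
    """
    if not logs:
        return "FAIL", "no flow log attached"
    reasons = []
    for fl in logs:
        if fl.get("FlowLogStatus") != "ACTIVE":
            reasons.append(f"{fl['FlowLogId']} status {fl.get('FlowLogStatus')}")
            continue
        if fl.get("DeliverLogsStatus") == "FAILED":
            err = fl.get("DeliverLogsErrorMessage", "unknown")
            reasons.append(f"{fl['FlowLogId']} delivery failed: {err}")
            continue
        if require_all_traffic and fl.get("TrafficType") != "ALL":
            reasons.append(f"{fl['FlowLogId']} captures {fl.get('TrafficType')} traffic only")
            continue
        destination = fl.get("LogGroupName") or fl.get("LogDestination")
        return "PASS", f"{fl['FlowLogId']} -> {destination}"
    return "FAIL", "; ".join(reasons)


def evaluate_rule(vpcs, flow_logs, require_all_traffic=True):
    """Map every VPC ID to its (status, reason) for the rule."""
    by_vpc = flow_logs_by_vpc(flow_logs)
    return {
        v["VpcId"]: evaluate_vpc(v["VpcId"], by_vpc.get(v["VpcId"], []), require_all_traffic)
        for v in vpcs["Vpcs"]
    }


if __name__ == "__main__":
    # Prints one line per VPC; replace the constructed samples with the
    # real CLI output (json.load on the saved files) to audit an account.
    for vpc_id, (status, reason) in evaluate_rule(DESCRIBE_VPCS, DESCRIBE_FLOW_LOGS).items():
        print(f"{status:4} {vpc_id}: {reason}")
```

On the constructed sample, vpc-0aaa111 passes, vpc-0bbb222 fails under the default ALL-traffic requirement but passes with `require_all_traffic=False`, vpc-0ccc333 fails because of the delivery error even though a flow log exists, and vpc-0ddd444 fails because nothing is attached. Note that the existence of a flow log in the console list (verification step 4) is not enough on its own; the `DeliverLogsStatus` check is what confirms step 5.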
