This rule states that VPC flow logs must be turned on to ensure high security in your environment.
Rule | VPC flow logs should be enabled |
Framework | CISA-cyber-essentials |
Severity | ✔ High |
Rule Description:
VPC flow logs should be enabled for CISA-cyber-essentials. VPC flow logs capture information about the IP traffic going to and from network interfaces in your VPC. Enabling VPC flow logs provides valuable insights for network monitoring, troubleshooting, and security analysis. It helps in detecting potential security threats, identifying network anomalies, and ensuring compliance with regulatory requirements.
Troubleshooting:
If VPC flow logs are not enabled for CISA-cyber-essentials, you may face difficulties in diagnosing network connectivity issues, investigating security incidents, and meeting compliance obligations.
Code Example:
To enable VPC flow logs for CISA-cyber-essentials, you can use the AWS Command Line Interface (CLI) or AWS Management Console. Here is an example of enabling flow logs using the CLI:
aws ec2 create-flow-logs --resource-ids <your_vpc_id> --resource-type VPC --traffic-type ALL --log-group-name <your_log_group_name> --deliver-logs-permission-arn <your_log_delivery_permission_arn>
Replace <your_vpc_id> with the ID of your VPC, <your_log_group_name> with the desired log group name, and <your_log_delivery_permission_arn> with the permission ARN for delivering logs to a log storage service.
Remediation Steps:
Log in to the AWS Management Console.
Navigate to the Amazon VPC service.
Select the VPC associated with CISA-cyber-essentials.
Under the "Logs" section, click on "Create Flow Log."
Configure the flow log settings:
Specify the traffic to log:
Provide a unique name for the flow log and click on "Create Flow Log."
Verify that the flow log has been successfully created.
Verification:
To verify if VPC flow logs are successfully enabled for CISA-cyber-essentials, follow these steps:
Log in to the AWS Management Console.
Navigate to the Amazon VPC service.
Select the VPC associated with CISA-cyber-essentials.
Under the "Logs" section, verify that a flow log is listed with the specified name.
Ensure that the flow log is delivering logs to the desired log storage service.
Once the verification is complete, the VPC flow logs are successfully enabled for CISA-cyber-essentials, providing enhanced network and security monitoring capabilities.
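The console verification above can also be scripted across every VPC in a region. The following is an added example, not part of the original rule text: it evaluates JSON in the shape printed by `aws ec2 describe-vpcs` and `aws ec2 describe-flow-logs`. The sample data and the function name `evaluate_vpc_flow_logs` are constructed for illustration, and requiring traffic type ALL is an assumption that mirrors the CLI example above.

```python
import json

# Constructed sample data, shaped like the JSON printed by
# `aws ec2 describe-vpcs` and `aws ec2 describe-flow-logs`.
SAMPLE_VPCS = json.loads("""{"Vpcs": [
  {"VpcId": "vpc-0aaa1111"}, {"VpcId": "vpc-0bbb2222"},
  {"VpcId": "vpc-0ccc3333"}, {"VpcId": "vpc-0ddd4444"}]}""")
SAMPLE_FLOW_LOGS = json.loads("""{"FlowLogs": [
  {"FlowLogId": "fl-01", "ResourceId": "vpc-0aaa1111", "FlowLogStatus": "ACTIVE",
   "TrafficType": "ALL", "DeliverLogsStatus": "SUCCESS"},
  {"FlowLogId": "fl-02", "ResourceId": "vpc-0bbb2222", "FlowLogStatus": "ACTIVE",
   "TrafficType": "REJECT", "DeliverLogsStatus": "SUCCESS"},
  {"FlowLogId": "fl-03", "ResourceId": "vpc-0ccc3333", "FlowLogStatus": "ACTIVE",
   "TrafficType": "ALL", "DeliverLogsStatus": "FAILED",
   "DeliverLogsErrorMessage": "Access error"}]}""")


def evaluate_vpc_flow_logs(vpcs, flow_logs, required_traffic="ALL"):
    """Return {vpc_id: (status, reason)} for every VPC in the input."""
    # Index flow logs by the resource they are attached to. Only VPC-level
    # flow logs count here; subnet- or interface-level logs are ignored.
    by_vpc = {}
    for fl in flow_logs.get("FlowLogs", []):
        by_vpc.setdefault(fl.get("ResourceId"), []).append(fl)

    results = {}
    for vpc in vpcs.get("Vpcs", []):
        vpc_id = vpc["VpcId"]
        active = [fl for fl in by_vpc.get(vpc_id, [])
                  if fl.get("FlowLogStatus") == "ACTIVE"]
        matching = [fl for fl in active if fl.get("TrafficType") == required_traffic]
        # A flow log that exists but cannot deliver is not providing coverage.
        delivering = [fl for fl in matching if fl.get("DeliverLogsStatus") != "FAILED"]
        if delivering:
            results[vpc_id] = ("PASS", "flow log " + delivering[0]["FlowLogId"])
        elif matching:
            msg = matching[0].get("DeliverLogsErrorMessage", "delivery failed")
            results[vpc_id] = ("FAIL", "delivery error: " + msg)
        elif active:
            results[vpc_id] = ("FAIL", "no flow log with traffic type " + required_traffic)
        else:
            results[vpc_id] = ("FAIL", "no active flow log")
    return results


if __name__ == "__main__":
    report = evaluate_vpc_flow_logs(SAMPLE_VPCS, SAMPLE_FLOW_LOGS)
    for vpc_id, (status, reason) in report.items():
        print(f"{status}  {vpc_id}  {reason}")
```

To run it against a real account, replace the sample dictionaries with the parsed output of the two CLI commands for the region being checked.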