
Rule: VPC flow logs should be enabled

Ensure VPC flow logs are enabled as per Controls for closed systems benchmark.

Rule: VPC flow logs should be enabled
Framework: GxP 21 CFR Part 11
Severity: High

Rule Description:

VPC flow logs should be enabled for GxP 21 CFR Part 11 compliance. GxP (Good Practice) refers to a set of guidelines and regulations that ensure the integrity, reliability, and quality of pharmaceutical, biotechnological, and other regulated products. 21 CFR Part 11 specifically focuses on electronic records and signatures within the pharmaceutical industry. Enabling VPC flow logs helps to capture detailed information about the network traffic flow within a Virtual Private Cloud (VPC) to meet the compliance requirements of GxP 21 CFR Part 11.

These flow logs provide invaluable insights into network traffic, such as the source and destination IP addresses, ports, protocols used, packet and byte counts, and timestamps. By enabling VPC flow logs, organizations can monitor and analyze network traffic, detect security threats, troubleshoot connectivity issues, identify unauthorized access attempts, and meet regulatory compliance standards.

Troubleshooting Steps (if applicable):

  1. Ensure sufficient permissions: Make sure you have the necessary permissions to enable VPC flow logs in your AWS account. The required permissions include logs:CreateLogGroup, logs:CreateLogStream, and logs:PutLogEvents.

  2. Verify VPC flow log support: Ensure that your VPC supports flow logs. Flow logs are available for Amazon VPC, AWS Transit Gateway, and AWS Elastic Network Interfaces (ENIs).

  3. Check the VPC Flow Logs limit: Verify whether you have reached the limit for VPC Flow Logs in your AWS account. By default, AWS allows a maximum of 10 flow logs per region per account.

  4. Validate the VPC flow log configuration: Double-check your VPC flow log configuration to ensure it captures the information needed for compliance with GxP 21 CFR Part 11. Make sure the log format includes the relevant fields: source IP, destination IP, protocol, source port, destination port, packet count, byte count, and timestamp.

  5. Review log delivery settings: Validate the log delivery settings to confirm that flow logs are being sent to the intended destination, such as an Amazon S3 bucket, an Amazon CloudWatch Logs log group, or AWS Elasticsearch. Ensure that the appropriate permissions are set to allow the flow log service to write to these destinations.
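As an added example (not part of the original rule page or the vendor's own tooling), the following Python script parses VPC flow log records written in AWS's default log format and checks each record for the fields step 4 lists: source and destination IP, protocol, source and destination port, packet count, byte count and timestamps. It also tallies REJECT records per source address, the kind of anomaly that flow log monitoring is meant to surface. The sample records, and every account ID, interface ID and address in them, are constructed; the field order follows AWS's documented default (version 2) format.

```python
"""Validate VPC flow log records against the fields required by this rule.

Added example: not part of the original rule page. SAMPLE_LINES are constructed
records in AWS's default flow log format; all IDs and addresses are placeholders.
"""
from collections import Counter
from typing import Dict, Iterable, List, Set

# Field order of the default (version 2) VPC flow log format, as documented by AWS.
DEFAULT_FIELDS = [
    "version", "account-id", "interface-id", "srcaddr", "dstaddr", "srcport",
    "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log-status",
]

# The fields troubleshooting step 4 requires the log format to capture.
REQUIRED_FIELDS = {
    "srcaddr", "dstaddr", "protocol", "srcport", "dstport", "packets", "bytes", "start", "end",
}

# Constructed sample records (placeholder account, interface and addresses).
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 49152 443 6 12 3456 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51000 22 6 1 44 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51001 3389 6 1 44 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51002 445 6 1 44 1700000000 1700000060 REJECT OK",
    # NODATA: no traffic in the window, so AWS writes "-" for the traffic fields.
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA",
]


def parse_record(line: str) -> Dict[str, str]:
    """Split one default-format record into a field->value dict."""
    parts = line.split()
    if len(parts) != len(DEFAULT_FIELDS):
        raise ValueError(f"expected {len(DEFAULT_FIELDS)} fields, got {len(parts)}: {line!r}")
    return dict(zip(DEFAULT_FIELDS, parts))


def parse_records(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parse all non-empty lines; a malformed line raises ValueError rather than being skipped."""
    return [parse_record(line) for line in lines if line.strip()]


def missing_required_fields(record: Dict[str, str]) -> Set[str]:
    """Return the required fields that are absent or unpopulated ("-") in a record."""
    return {field for field in REQUIRED_FIELDS if record.get(field, "-") == "-"}


def rejected_sources(records: Iterable[Dict[str, str]], threshold: int = 3) -> Dict[str, int]:
    """Count REJECT records per source address and return those at or above threshold."""
    counts = Counter(r["srcaddr"] for r in records if r.get("action") == "REJECT")
    return {src: n for src, n in counts.items() if n >= threshold}


def audit_records(lines: Iterable[str], threshold: int = 3) -> Dict[str, object]:
    """Summarise a batch of records: total, records missing required fields, noisy REJECT sources."""
    records = parse_records(lines)
    incomplete = [r for r in records if missing_required_fields(r)]
    return {
        "records": len(records),
        "incomplete": len(incomplete),
        "rejected_sources": rejected_sources(records, threshold),
    }


if __name__ == "__main__":
    summary = audit_records(SAMPLE_LINES)
    print(f"{summary['records']} records, {summary['incomplete']} missing required fields")
    for src, n in summary["rejected_sources"].items():
        print(f"{src}: {n} rejected connections")
```

Records with log-status NODATA or SKIPDATA legitimately carry "-" in the traffic fields, so a non-zero "incomplete" count is a prompt to check the log-status column and the delivery pipeline, not proof that the log format is wrong. If a custom format is in use, replace DEFAULT_FIELDS with the field list from the flow log's configuration.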

Necessary Codes (if applicable):

No specific code is required to enable VPC flow logs. The configuration is done through the AWS Management Console, AWS CLI (Command Line Interface), or AWS SDKs (Software Development Kits).

Step-by-Step Guide for Remediation:

To enable VPC flow logs for GxP 21 CFR Part 11 compliance, follow these step-by-step instructions:

  1. AWS Management Console:

     1. Log in to the AWS Management Console.
     2. Open the Amazon VPC service.
     3. Select the desired VPC from the list.
     4. Go to the "Flow Logs" tab.
     5. Click the "Create Flow Log" (or "Create flow log") button.
     6. Define the flow log settings:
        • Provide a unique name for the flow log.
        • Choose the IAM role used to publish flow logs.
        • Select the log destination, such as Amazon S3, CloudWatch Logs, or AWS Elasticsearch Service.
        • Customize the log format if necessary.
     7. Click "Create" or "Save" to enable VPC flow logs.

  2. AWS CLI:

     1. Open your preferred command line interface.
     2. Make sure you have installed and configured the AWS CLI with the necessary IAM credentials.
     3. Use the following command to enable VPC flow logs:

        aws ec2 create-flow-logs --resource-ids <VPC_ID> --resource-type VPC --traffic-type ALL --log-group-name <LOG_GROUP_NAME> --deliver-logs-permission-arn arn:aws:iam::<ACCOUNT_ID>:role/FlowLogs-role

        Replace the following placeholders:
        • <VPC_ID>: The ID of the VPC for which you want to enable flow logs.
        • <LOG_GROUP_NAME>: The name of the CloudWatch Logs log group where flow logs will be stored.
        • <ACCOUNT_ID>: Your AWS account ID.

        The IAM role referenced by --deliver-logs-permission-arn must already exist and grant the permissions listed under troubleshooting step 1; otherwise the flow log is created but delivery fails.
     4. Execute the command to enable VPC flow logs.
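The console and CLI steps above enable flow logs one VPC at a time; auditing whether every VPC in an account actually meets this rule is easier in code. The following Python script is an added example (not part of the original rule page or the vendor's own checker) that evaluates each VPC against the rule's condition: an ACTIVE flow log capturing ALL traffic whose delivery is not failing. It works on the EC2 DescribeVpcs and DescribeFlowLogs response shapes (VpcId, FlowLogId, ResourceId, FlowLogStatus, TrafficType, DeliverLogsStatus), and it emits the page's create-flow-logs command for each non-compliant VPC. The sample responses, VPC IDs, flow log IDs, log group name and account ID are constructed placeholders; the boto3 calls in evaluate_live_account are standard SDK calls but are not exercised offline.

```python
"""Find VPCs that do not satisfy the "VPC flow logs should be enabled" rule.

Added example: not part of the original rule page. SAMPLE_VPCS and
SAMPLE_FLOW_LOGS are constructed to mirror the EC2 DescribeVpcs and
DescribeFlowLogs response shapes; all IDs and names are placeholders.
"""
from typing import Dict, List

# Constructed DescribeVpcs response (placeholder VPC IDs).
SAMPLE_VPCS = {
    "Vpcs": [
        {"VpcId": "vpc-0aaa111"},
        {"VpcId": "vpc-0bbb222"},
        {"VpcId": "vpc-0ccc333"},
        {"VpcId": "vpc-0ddd444"},
    ]
}

# Constructed DescribeFlowLogs response covering the failure modes the rule should catch.
SAMPLE_FLOW_LOGS = {
    "FlowLogs": [
        # Healthy: active, captures ALL traffic, delivering to CloudWatch Logs.
        {"FlowLogId": "fl-0001", "ResourceId": "vpc-0aaa111", "FlowLogStatus": "ACTIVE",
         "TrafficType": "ALL", "LogDestinationType": "cloud-watch-logs",
         "LogGroupName": "vpc-flow-logs", "DeliverLogsStatus": "SUCCESS"},
        # Captures REJECT only: accepted flows are never recorded, so the audit trail is incomplete.
        {"FlowLogId": "fl-0002", "ResourceId": "vpc-0bbb222", "FlowLogStatus": "ACTIVE",
         "TrafficType": "REJECT", "LogDestinationType": "cloud-watch-logs",
         "LogGroupName": "vpc-flow-logs", "DeliverLogsStatus": "SUCCESS"},
        # Configured correctly but delivery is failing (typically a missing logs:* permission on the role).
        {"FlowLogId": "fl-0003", "ResourceId": "vpc-0ccc333", "FlowLogStatus": "ACTIVE",
         "TrafficType": "ALL", "LogDestinationType": "cloud-watch-logs",
         "LogGroupName": "vpc-flow-logs", "DeliverLogsStatus": "FAILED",
         "DeliverLogsErrorMessage": "Access error"},
        # vpc-0ddd444 has no flow log at all.
    ]
}


def evaluate_vpc(vpc_id: str, flow_logs: List[Dict]) -> str:
    """Return "COMPLIANT" or a comma-separated list of why each of the VPC's flow logs falls short."""
    logs = [fl for fl in flow_logs if fl.get("ResourceId") == vpc_id]
    if not logs:
        return "NO_FLOW_LOG"
    problems = []
    for fl in logs:
        if fl.get("FlowLogStatus") != "ACTIVE":
            problems.append("INACTIVE")
        elif fl.get("TrafficType") != "ALL":
            problems.append("TRAFFIC_TYPE_" + fl.get("TrafficType", "UNKNOWN"))
        elif fl.get("DeliverLogsStatus") == "FAILED":
            problems.append("DELIVERY_FAILED")
        else:
            return "COMPLIANT"  # one usable flow log is enough
    return ",".join(problems)


def evaluate_vpcs(vpcs_response: Dict, flow_logs_response: Dict) -> Dict[str, str]:
    """Evaluate every VPC in a DescribeVpcs response against a DescribeFlowLogs response."""
    flow_logs = flow_logs_response.get("FlowLogs", [])
    return {vpc["VpcId"]: evaluate_vpc(vpc["VpcId"], flow_logs) for vpc in vpcs_response.get("Vpcs", [])}


def non_compliant_vpcs(vpcs_response: Dict, flow_logs_response: Dict) -> List[str]:
    """Sorted IDs of VPCs that fail the rule."""
    return sorted(v for v, status in evaluate_vpcs(vpcs_response, flow_logs_response).items()
                  if status != "COMPLIANT")


def remediation_command(vpc_id: str, log_group: str, account_id: str) -> str:
    """The create-flow-logs command from the remediation guide with its placeholders filled in."""
    return (
        f"aws ec2 create-flow-logs --resource-ids {vpc_id} --resource-type VPC "
        f"--traffic-type ALL --log-group-name {log_group} "
        f"--deliver-logs-permission-arn arn:aws:iam::{account_id}:role/FlowLogs-role"
    )


def evaluate_live_account(region_name: str) -> Dict[str, str]:
    """Run the same evaluation against a real account.

    Needs boto3 and credentials allowed ec2:DescribeVpcs and ec2:DescribeFlowLogs.
    Accounts with many VPCs or flow logs should page through NextToken; omitted here.
    """
    import boto3  # imported lazily so the offline example runs without the SDK installed
    ec2 = boto3.client("ec2", region_name=region_name)
    return evaluate_vpcs(ec2.describe_vpcs(), ec2.describe_flow_logs())


if __name__ == "__main__":
    findings = evaluate_vpcs(SAMPLE_VPCS, SAMPLE_FLOW_LOGS)
    for vpc_id, status in findings.items():
        print(f"{vpc_id}: {status}")
        if status != "COMPLIANT":
            print("  remediate: " + remediation_command(vpc_id, "<LOG_GROUP_NAME>", "<ACCOUNT_ID>"))
```

Note that the check treats a flow log capturing only REJECT traffic, or one whose delivery is failing, as non-compliant even though a flow log object exists: for audit purposes a record of accepted traffic that never reaches its destination is no better than no flow log. Flow logs attached at the subnet or ENI level are not credited to the parent VPC here, which is the stricter reading of this rule.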

With VPC flow logs enabled, you will start capturing network traffic data for analysis, compliance auditing, and troubleshooting. Ensure that the logs are reviewed regularly and that alerts or notifications are set up to detect anomalies or security incidents.
