
Enable VPC Flow Logging Rule

This rule focuses on enabling VPC flow logging in all VPCs to ensure security and compliance.

Rule: VPC flow logging should be enabled in all VPCs
Framework: PCI v3.2.1
Severity: Medium

Rule/Policy Description:

VPC flow logging is a feature that captures metadata about the network traffic flowing through an Amazon Virtual Private Cloud (VPC) as network flow log records. This rule states that VPC flow logging should be enabled in all VPCs that handle Payment Card Industry (PCI) data, in line with the PCI v3 compliance requirements.

Enabling VPC flow logging allows organizations to gain visibility into network traffic patterns, detect potential security threats, monitor compliance with regulatory requirements, and perform troubleshooting and analysis of network behavior.
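
To make concrete what "visibility into network traffic patterns" means, the following added example (written for this page, not code from Cloud Defense or AWS) parses flow log records in AWS's default format and summarises which sources are being rejected and on which destination ports. The field order is the documented default-format layout; the log lines, account ID, interface ID and addresses are constructed sample data.

```python
"""Parse VPC flow log records (AWS default format, version 2) and summarise
rejected traffic per source address.  Added example, not part of the page.

Default-format field order, as documented by AWS:
  version account-id interface-id srcaddr dstaddr srcport dstport protocol
  packets bytes start end action log-status
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional

DEFAULT_FIELDS = (
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
)


@dataclass(frozen=True)
class FlowRecord:
    account_id: str
    interface_id: str
    srcaddr: Optional[str]
    dstaddr: Optional[str]
    srcport: Optional[int]
    dstport: Optional[int]
    protocol: Optional[int]
    packets: Optional[int]
    bytes: Optional[int]
    start: int
    end: int
    action: Optional[str]      # ACCEPT, REJECT, or None for NODATA/SKIPDATA
    log_status: str            # OK, NODATA, SKIPDATA


def _opt_str(value: str) -> Optional[str]:
    # AWS writes '-' for fields that have no value in this record.
    return None if value == "-" else value


def _opt_int(value: str) -> Optional[int]:
    return None if value == "-" else int(value)


def parse_record(line: str) -> Optional[FlowRecord]:
    """Return a FlowRecord for one default-format line, or None if the line
    does not have the expected number of fields."""
    fields = line.split()
    if len(fields) != len(DEFAULT_FIELDS):
        return None
    f = dict(zip(DEFAULT_FIELDS, fields))
    return FlowRecord(
        account_id=f["account_id"],
        interface_id=f["interface_id"],
        srcaddr=_opt_str(f["srcaddr"]),
        dstaddr=_opt_str(f["dstaddr"]),
        srcport=_opt_int(f["srcport"]),
        dstport=_opt_int(f["dstport"]),
        protocol=_opt_int(f["protocol"]),
        packets=_opt_int(f["packets"]),
        bytes=_opt_int(f["bytes"]),
        start=int(f["start"]),
        end=int(f["end"]),
        action=_opt_str(f["action"]),
        log_status=f["log_status"],
    )


def parse_records(lines: Iterable[str]) -> List[FlowRecord]:
    """Parse many lines, silently skipping blank or malformed ones."""
    records = []
    for line in lines:
        rec = parse_record(line)
        if rec is not None:
            records.append(rec)
    return records


def rejected_by_source(records: Iterable[FlowRecord]) -> Counter:
    """Count REJECT records per source address (NODATA records carry no
    action and are ignored)."""
    return Counter(r.srcaddr for r in records if r.action == "REJECT")


def rejected_ports_from(records: Iterable[FlowRecord], srcaddr: str) -> List[int]:
    """Sorted destination ports a given source was rejected on."""
    return sorted({r.dstport for r in records
                   if r.action == "REJECT" and r.srcaddr == srcaddr})


# Constructed sample log lines (account, ENI and addresses are made up).
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.1.15 49152 22 6 4 240 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.1.15 49153 3389 6 4 240 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.15 10.0.2.40 54321 443 6 20 5400 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA",
]

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LINES)
    for src, n in rejected_by_source(recs).most_common():
        print(f"{src}: {n} rejected flows on ports {rejected_ports_from(recs, src)}")
```

Records with log-status NODATA or SKIPDATA have no addresses or action, which is why the parser keeps those fields optional instead of failing; a summary that dropped such lines silently would also hide the fact that the flow log itself had a gap.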

Troubleshooting Steps:

If VPC flow logging is not enabled for a specific VPC, follow these troubleshooting steps to enable it:

  1. Check if the VPC has existing flow logs:

    • Go to the AWS Management Console and navigate to the VPC service.
    • Select the desired VPC from the list.
    • Click on "Flow Logs" in the left-hand menu.
    • Verify if there are existing flow logs associated with the VPC. If no flow logs exist, proceed to the next step.

  2. Enable VPC flow logging:

    • Select the desired VPC from the list.
    • Click on "Actions" and choose "Create Flow Log".
    • Configure the flow log settings, including the destination log group, IAM role, and traffic type to log (accepted, rejected, or both).
    • Click on "Create" to enable flow logging for the VPC.

  3. Verify VPC flow logging status:

    • Go back to the list of VPCs and select the relevant VPC.
    • Click on "Flow Logs" in the left-hand menu.
    • Verify if the flow log state is "Active". If it is, VPC flow logging is successfully enabled.
    • If the state is "Inactive" or shows any other error, review the troubleshooting recommendations provided by AWS and rectify the issue accordingly.

Necessary Codes:

No specific codes are required for this rule. Enabling VPC flow logging can be done through the AWS Management Console, the AWS CLI (Command-Line Interface), or the AWS SDKs (Software Development Kits).

Step-by-Step Guide for Remediation:

Follow these steps to enable VPC flow logging for a specific VPC through the AWS Management Console:

  1. Open the AWS Management Console and navigate to the VPC service.

  2. Select the desired VPC from the list.

  3. Click on "Actions" and choose "Create Flow Log".

  4. Configure the flow log settings as follows:

    • Provide a name for the flow log.
    • Choose the role that grants permissions to publish flow logs to a CloudWatch Logs group. If a role doesn't exist, create one with the necessary permissions.
    • Select the log destination to specify the CloudWatch Logs group where the flow logs will be stored.
    • Choose the traffic type to log (accepted, rejected, or both).

  5. Click on "Create" to enable flow logging for the VPC.

  6. Verify the flow log status:

    • Go back to the list of VPCs and select the relevant VPC.
    • Click on "Flow Logs" in the left-hand menu.
    • Verify if the flow log state is "Active". If it is, VPC flow logging is successfully enabled.
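
The console steps above (and the troubleshooting steps before them) amount to one check and one remediation: find every VPC with no flow log in the ACTIVE state, then create a CloudWatch Logs flow log for it with the chosen IAM role and traffic type. The following added example (written for this page; not Cloud Defense's or AWS's code) implements that as functions over the response shapes of boto3's `describe_vpcs`, `describe_flow_logs` and `create_flow_logs`. The check runs offline on constructed sample responses; only `remediate_live` touches AWS, assumes boto3 is installed and credentials are configured, and defaults to a dry run. The VPC IDs, flow log IDs, log group name and role ARN in the sample are made up.

```python
"""Find VPCs lacking an ACTIVE flow log and build the request that enables one.
Added example, not part of the page.  Response shapes follow boto3's EC2 API."""
from typing import Dict, List

# Constructed sample shaped like ec2.describe_vpcs(): three VPCs.
SAMPLE_VPCS = {"Vpcs": [
    {"VpcId": "vpc-0aaa111"},
    {"VpcId": "vpc-0bbb222"},
    {"VpcId": "vpc-0ccc333"},
]}

# Constructed sample shaped like ec2.describe_flow_logs(): one VPC has an
# ACTIVE log, one has an INACTIVE log (the error case in step 3 of the
# troubleshooting list), and the third has none at all.
SAMPLE_FLOW_LOGS = {"FlowLogs": [
    {"FlowLogId": "fl-0111", "ResourceId": "vpc-0aaa111",
     "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
    {"FlowLogId": "fl-0222", "ResourceId": "vpc-0bbb222",
     "FlowLogStatus": "INACTIVE", "TrafficType": "REJECT"},
]}

# Console wording -> TrafficType value accepted by create_flow_logs.
TRAFFIC_TYPES = {"accepted": "ACCEPT", "rejected": "REJECT", "both": "ALL"}


def vpcs_without_active_flow_logs(vpcs_resp: Dict, flow_logs_resp: Dict) -> List[str]:
    """Return the VPC IDs that have no flow log whose FlowLogStatus is ACTIVE.
    A flow log that exists but is INACTIVE counts as missing, matching the
    console check 'verify if the flow log state is Active'."""
    active = {fl["ResourceId"] for fl in flow_logs_resp.get("FlowLogs", [])
              if fl.get("FlowLogStatus") == "ACTIVE"}
    return sorted(v["VpcId"] for v in vpcs_resp.get("Vpcs", [])
                  if v["VpcId"] not in active)


def build_create_flow_log_request(vpc_id: str, log_group_name: str,
                                  role_arn: str, traffic: str = "both") -> Dict:
    """Build the keyword arguments for ec2.create_flow_logs(), publishing to
    CloudWatch Logs as in the console walkthrough."""
    if traffic not in TRAFFIC_TYPES:
        raise ValueError(f"traffic must be one of {sorted(TRAFFIC_TYPES)}, got {traffic!r}")
    return {
        "ResourceType": "VPC",
        "ResourceIds": [vpc_id],
        "TrafficType": TRAFFIC_TYPES[traffic],
        "LogDestinationType": "cloud-watch-logs",
        "LogGroupName": log_group_name,
        # IAM role that grants permission to publish to the log group.
        "DeliverLogsPermissionArn": role_arn,
    }


def remediate_live(log_group_name: str, role_arn: str,
                   traffic: str = "both", dry_run: bool = True) -> List[str]:
    """Run the check against a real account and (unless dry_run) create the
    missing flow logs.  Assumes boto3 and AWS credentials are configured.
    describe_vpcs/describe_flow_logs return one page here; paginate for
    accounts with more than the default page size of resources."""
    import boto3  # imported here so the offline check above needs no boto3
    ec2 = boto3.client("ec2")
    missing = vpcs_without_active_flow_logs(ec2.describe_vpcs(),
                                            ec2.describe_flow_logs())
    for vpc_id in missing:
        request = build_create_flow_log_request(vpc_id, log_group_name, role_arn, traffic)
        if dry_run:
            print(f"[dry run] would call create_flow_logs({request})")
        else:
            ec2.create_flow_logs(**request)
    return missing


if __name__ == "__main__":
    missing = vpcs_without_active_flow_logs(SAMPLE_VPCS, SAMPLE_FLOW_LOGS)
    print("VPCs without an active flow log:", missing)
    for vpc_id in missing:
        # Placeholder log group and role ARN; replace with real values.
        print(build_create_flow_log_request(
            vpc_id, "/vpc/flow-logs", "arn:aws:iam::123456789012:role/FlowLogsRole"))
```

Treating an INACTIVE flow log as non-compliant is deliberate: the rule is satisfied by logs that are actually being delivered, not by the existence of a flow log object, which is the same distinction the verification step draws when it asks for the "Active" state.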

Note: Keep in mind that enabling flow logging may incur additional costs for data storage in CloudWatch Logs. Make sure to review the pricing details and consider any necessary budget adjustments.
