With Virtual Private Cloud (VPC) Flow Logs, you can capture information about the IP traffic going to and from network interfaces in your VPC.
You can create flow logs from the AWS Management Console. The steps below create a CloudWatch Logs log group, an IAM role that the VPC Flow Logs service assumes to write to it, and the flow log itself.
- Sign in to the AWS console.
- In the Find Services text box, enter and select CloudWatch.
- In the CloudWatch navigation pane, choose Log groups, then choose Create log group. The Create log group window appears.
- Enter a name for the log group and click Create log group.
- In the top navigation bar, click Services and then enter and select VPC.
- In the VPC Dashboard page, click Your VPCs.
- Select the VPC that you want to log, and choose Create flow log.
- In the Create flow log window, configure the flow log:
  - Filter: select Accept, Reject, or All. Accept records only traffic the security groups and network ACLs allowed, Reject only traffic they blocked, and All records both.
  - Destination: select Send to CloudWatch Logs.
  - Destination log group: select the log group you created.
- Click Set Up Permissions. The VPC Flow Logs is requesting permission to use resources in your account page opens.
- Create an IAM role:
  - On the VPC Flow Logs is requesting permission to use resources in your account page, under IAM Role, select Create a new IAM Role.
  - In the Role Name text box, enter a role name.
  - Click Allow. The role is created with a trust policy for the vpc-flow-logs.amazonaws.com service and the CloudWatch Logs permissions it needs to create log streams and put log events.
- On the Create flow log page, in the IAM role drop-down, select the role you created.
- Click Create.
The flow log starts publishing to the selected log group; records are delivered in aggregation windows, not in real time, so do not rely on them for immediate alerting. Note that flow logs do not capture every packet: traffic to the instance metadata service (169.254.169.254) and to the Amazon DNS resolver is not recorded, among other exclusions listed in the AWS documentation. For more information about VPC Flow Logs, see the AWS documentation at https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#create-flow-log.
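The console steps above can be reproduced as code, which makes the IAM role narrower than the one the console generates and makes the Filter setting explicit. The following is an added example and not code from the page or from AWS; the account ID, region, VPC ID, role name and log group name are placeholders, the CloudWatch log group ARN scoping is an assumption you should verify against your own policy linting, and the flow log records at the bottom are constructed to mimic the default record format, not captured from a real account. It builds the role trust and permissions policies, the CreateFlowLogs request (the same parameters boto3's `ec2.create_flow_logs` accepts), and a small parser that shows what the Accept, Reject and All filter settings keep.

```python
"""Added example: build the IAM policies and CreateFlowLogs request behind the
console steps, then parse constructed default-format flow log records."""
import json

TRAFFIC_TYPES = ("ACCEPT", "REJECT", "ALL")  # the console's Filter option

# Default flow log record format (version 2), field order as documented by AWS.
DEFAULT_FIELDS = ("version account-id interface-id srcaddr dstaddr srcport "
                  "dstport protocol packets bytes start end action log-status").split()


def trust_policy(account_id, region):
    """Trust policy for the role: only the Flow Logs service may assume it, and
    only on behalf of flow logs in this account and region. The SourceAccount /
    SourceArn conditions prevent another account's flow log from using the role
    (confused deputy); the console-generated role omits them."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "vpc-flow-logs.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {"aws:SourceAccount": account_id},
                "ArnLike": {"aws:SourceArn":
                            f"arn:aws:ec2:{region}:{account_id}:vpc-flow-log/*"},
            },
        }],
    }


def permissions_policy(account_id, region, log_group):
    """Permissions the role needs. Write actions are scoped to the chosen log
    group (assumed scoping; the console role grants them on Resource "*")."""
    lg_arn = f"arn:aws:logs:{region}:{account_id}:log-group:{log_group}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": [lg_arn, lg_arn + ":*"]},
            {"Effect": "Allow",
             "Action": ["logs:DescribeLogGroups", "logs:DescribeLogStreams"],
             "Resource": "*"},
        ],
    }


def create_flow_log_request(vpc_id, log_group, role_arn, traffic_type="ALL"):
    """Parameters for EC2 CreateFlowLogs (boto3: ec2.create_flow_logs(**req)),
    mirroring the Create flow log window: Filter, destination and log group."""
    if traffic_type not in TRAFFIC_TYPES:
        raise ValueError(f"traffic_type must be one of {TRAFFIC_TYPES}")
    return {
        "ResourceType": "VPC",
        "ResourceIds": [vpc_id],
        "TrafficType": traffic_type,
        "LogDestinationType": "cloud-watch-logs",
        "LogGroupName": log_group,
        "DeliverLogsPermissionArn": role_arn,
    }


def parse_record(line):
    """Parse one default-format record into a dict; '-' means no value."""
    fields = line.split()
    if len(fields) != len(DEFAULT_FIELDS):
        raise ValueError("not a default-format (version 2) flow log record")
    rec = dict(zip(DEFAULT_FIELDS, fields))
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = None if rec[key] == "-" else int(rec[key])
    return rec


def select(records, traffic_type):
    """What each Filter setting delivers: ACCEPT or REJECT keep only records
    with that action; ALL keeps everything, including NODATA/SKIPDATA records."""
    return [r for r in records if traffic_type == "ALL" or r["action"] == traffic_type]


def reject_summary(records):
    """Count rejected flows per destination port, a first triage view of
    blocked traffic (e.g. RDP probes) once records reach CloudWatch Logs."""
    counts = {}
    for r in select(records, "REJECT"):
        counts[r["dstport"]] = counts.get(r["dstport"], 0) + 1
    return counts


# Constructed sample records in the default format (not from a real account).
SAMPLE_RECORDS = [
    "2 123456789012 eni-1235b8ca123456789 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK",
    "2 123456789012 eni-1235b8ca123456789 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK",
    "2 123456789012 eni-1235b8ca123456789 203.0.113.7 172.31.9.12 55123 3389 6 1 60 1418530010 1418530070 REJECT OK",
    "2 123456789012 eni-1a2b3c4d - - - - - - - 1431280876 1431280934 - NODATA",
]

if __name__ == "__main__":
    acct, region = "123456789012", "us-east-1"  # placeholders
    print(json.dumps(trust_policy(acct, region), indent=2))
    print(json.dumps(permissions_policy(acct, region, "vpc-flow-logs"), indent=2))
    print(create_flow_log_request("vpc-0123456789abcdef0", "vpc-flow-logs",
                                  f"arn:aws:iam::{acct}:role/flowlogsRole"))
    records = [parse_record(line) for line in SAMPLE_RECORDS]
    print(len(select(records, "REJECT")), "rejected;", reject_summary(records))
```

Choosing All for the Filter is usually the right default for security monitoring: Accept-only records miss the blocked probes, and Reject-only records miss the lateral movement that your security groups permitted.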