With Virtual Private Cloud (VPC) Flow Logs, you can capture information about the IP traffic going to and from network interfaces in your VPC.

You can create flow logs through the AWS portal.

Procedure

  1. Sign in to the AWS console.
  2. In the Find Service text box, enter and select CloudWatch.
  3. Go to Logs > Action > Create log group.
    The Create log group window appears.
  4. In the Create Group Name field, enter a group name and click Create log group.
    Note: You should set the Retention setting to 1 day. vRealize Network Insight does not retrieve data older than one day, and setting the retention to 1 day, saves on AWS expenses.
  5. In the top navigation pane, click Service and then enter and select VPC.
  6. In the VPC Dashboard page, click Your VPCs.
  7. Select the VPC that you want to modify, and click Flow Logs > Create flow log.
  8. In the Create flow log window, configure the flow log:
    Option Action
    Filter Select one of the following: Accept, Reject, or All.
    Destination Select Send to CloudWatch Logs.
    Destination log group Select the log group you created.
  9. Click Set Up Permissions.
    The system opens the VPC Flow Logs is requesting permission to use resources in your account page.
  10. Create an IAM role.
    1. In the VPC Flow Logs is requesting permission to use resources in your account page, in the IAM Role, select Create a new IAM Role.
    2. In the Role Name text box, enter a role name.
    1. Click Allow.
  11. On the Create flow log page, in the IAM role drop-down, select the role you created.
  12. Click Create

Results

Flow log starts publishing on the selected log group. For more information about VPC Flow Log, see the AWS documentation at https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#create-flow-log.