With Virtual Private Cloud (VPC) Flow Logs, you can capture information about the IP traffic going to and from network interfaces in your VPC.
You can create flow logs through the AWS portal.
Procedure
- Sign in to the AWS console.
- In the Find Service text box, enter and select CloudWatch.
- Go to .
The
Create log group window appears.
- In the Create Group Name field, enter a group name and click Create log group.
Note: You should set the
Retention setting to
1 day.
vRealize Network Insight does not retrieve data older than one day, and setting the retention to 1 day, saves on AWS expenses.
- In the left navigation pane, click Service and then enter and select VPC.
- In the VPC Dashboard page, click Your VPCs.
- Select the VPC that you want to modify, and click .
- In the Create flow log window, configure the flow log:
Option |
Action |
Filter |
Select one of the following: Accept, Reject, or All. |
Destination |
Select Send to CloudWatch Logs. |
Destination log group |
Select the log group you created. |
- Click Set Up Permissions.
The system opens the
VPC Flow Logs is requesting permission to use resources in your account page.
- Create an IAM role.
- In the VPC Flow Logs is requesting permission to use resources in your account page, in the IAM Role, select Create a new IAM Role.
- In the Role Name text box, enter a role name.
- Click Allow.
- On the Create flow log page, in the IAM role drop-down, select the role you created.
- Click Create