VPC Flow Logs Setup

In the VPC Flow Logs Setup lab, we will configure VPC Flow Logs in AWS to monitor and analyze network traffic within a Virtual Private Cloud (VPC). we will create a VPC with public and private subnets, launch EC2 instances, and enable Flow Logs to capture traffic data, which is then sent to CloudWatch Logs for analysis. This lab provides hands-on experience in using VPC Flow Logs for security monitoring, troubleshooting, and gaining insights into network activity in AWS.

Summary:

• Create a VPC
• Create a VPC
• Create an Internet Gateway
• Configure Route Tables
• Launch EC2 Instances
• Enable VPC Flow Logs
• Analyze Flow Logs

Create a VPC

• Login to AWS Management Console.
• Navigate to VPC under the Networking & Content Delivery section.
• Click on Create VPC.
• Name tag: vpc-flowlog-lab
• IPv4 CIDR block: 10.0.0.0/24
• Leave the rest of the settings as default and click Create VPC.

Create Subnets
In your VPC, create two subnets:

Public Subnet:

• Name tag: PublicSubnet
• Availability Zone: Choose any available one
• IPv4 CIDR block: 10.0.0.0/25

Private Subnet:

• Name tag: PrivateSubnet
• Availability Zone: Same as the public subnet
• IPv4 CIDR block: 10.0.0.128/25

Create an Internet Gateway

• Navigate to Internet Gateways.
• Click Create internet gateway.
• Name tag: vpc-flowlog-igw
• Attach this Internet Gateway to your VPC.

Configure Route Tables

Public Route Table:

• Name tag: PublicRouteTable
• Associate it with the Public Subnet.
• Edit routes: Add a route with the destination 0.0.0.0/0 and the target as the Internet Gateway.

Private Route Table:

• Name tag: PrivateRouteTable
• Associate it with the Private Subnet.
• No need to add any routes to the Internet Gateway.

Launch EC2 Instances

Public EC2 Instance:

• Launch an EC2 instance in the Public Subnet.
• Instance Type: t2.micro
• Security Group: Allow inbound SSH (22) and HTTP (80) traffic.

Private EC2 Instance:

• Launch another EC2 instance in the Private Subnet.
• Instance Type: t2.micro
• Security Group: Allow inbound SSH (22) only from the Public EC2 instance's private IP.

Enable VPC Flow Logs

• Navigate to the VPC Dashboard.
• Select Flow Logs under Your VPCs.
• Click Create flow log.
• Filter: Choose All to capture all traffic (you can also choose Reject or Accept depending on your needs).
• Destination: Choose Send to CloudWatch Logs.
• Log Group Name: Create a new log group (e.g., vpc-flowlog-lab-logs).
• IAM Role: If you don’t have a role, create one with the necessary permissions (the IAM role should allow VPC Flow Logs to publish to CloudWatch Logs).
• Click Create flow log.

Analyze Flow Logs

• Navigate to CloudWatch Logs.
• Find your Log Group and click on it.
• View the log streams to see the VPC traffic information.
• You can filter and analyze the logs to see traffic details, such as source/destination IPs, traffic accept/reject status, etc.

Test Traffic Between Instances

• SSH into the public instance.
• From the public instance, try to ping the private instance using its private IP.
• Observe the Flow Logs in CloudWatch to see the traffic being logged.