DEV Community

mahpara jabbar

VPC Flow Logs Setup

In the VPC Flow Logs Setup lab, we configure VPC Flow Logs in AWS to monitor and analyze network traffic within a Virtual Private Cloud (VPC). We create a VPC with a public and a private subnet, launch an EC2 instance in each, and enable Flow Logs on the VPC so that traffic metadata (source and destination addresses, ports, protocol, packet and byte counts, and whether each flow was accepted or rejected) is delivered to CloudWatch Logs for analysis. The lab gives hands-on experience with VPC Flow Logs for security monitoring, troubleshooting, and visibility into network activity in AWS.

Summary:

  • Create a VPC
  • Create Subnets
  • Create an Internet Gateway
  • Configure Route Tables
  • Launch EC2 Instances
  • Enable VPC Flow Logs
  • Analyze Flow Logs
  • Test Traffic Between Instances

Create a VPC

  • Login to AWS Management Console.
  • Navigate to VPC under the Networking & Content Delivery section.
  • Click on Create VPC.
  • Name tag: vpc-flowlog-lab
  • IPv4 CIDR block: 10.0.0.0/24
  • Leave the rest of the settings as default and click Create VPC.


Create Subnets

In your VPC, create two subnets that split the 10.0.0.0/24 block in half:

Public Subnet:

  • Name tag: PublicSubnet
  • Availability Zone: Choose any available one
  • IPv4 CIDR block: 10.0.0.0/25

Private Subnet:

  • Name tag: PrivateSubnet
  • Availability Zone: Same as the public subnet
  • IPv4 CIDR block: 10.0.0.128/25


Create an Internet Gateway

  • Navigate to Internet Gateways.
  • Click Create internet gateway.
  • Name tag: vpc-flowlog-igw
  • Attach this Internet Gateway to your VPC.

Configure Route Tables

Public Route Table:

  • Name tag: PublicRouteTable
  • Associate it with the Public Subnet.
  • Edit routes: Add a route with the destination 0.0.0.0/0 and the target as the Internet Gateway.


Private Route Table:

  • Name tag: PrivateRouteTable
  • Associate it with the Private Subnet.
  • Do not add a route to the Internet Gateway. The default local route for 10.0.0.0/24 is all this subnet needs, so the private instance is reachable only from inside the VPC.

Launch EC2 Instances

Public EC2 Instance:

  • Launch an EC2 instance in the Public Subnet.
  • Instance Type: t2.micro
  • Security Group: Allow inbound SSH (22) and HTTP (80) traffic. Restrict the SSH rule to your own public IP address rather than 0.0.0.0/0; an SSH port open to the Internet attracts scanning, and those attempts will show up in the Flow Logs too.

Private EC2 Instance:

  • Launch another EC2 instance in the Private Subnet.
  • Instance Type: t2.micro
  • Security Group: Allow inbound SSH (22) only from the Public EC2 instance's private IP (or, more robustly, from the public instance's security group, which keeps working if that IP changes). Note that this group allows no ICMP, which matters for the ping test at the end of the lab.

Enable VPC Flow Logs

  • Navigate to the VPC Dashboard.
  • Under Your VPCs, select vpc-flowlog-lab and open the Flow logs tab.
  • Click Create flow log.
  • Filter: Choose All to capture both accepted and rejected traffic (Accept or Reject alone can be used in production to cut log volume, but for the lab we want to see both).
  • Maximum aggregation interval: keep the default of 10 minutes, or choose 1 minute to see records sooner.
  • Destination: Choose Send to CloudWatch Logs.
  • Log Group Name: Create a new log group (e.g., vpc-flowlog-lab-logs).
  • IAM Role: If you don't have a role, create one that the Flow Logs service can assume. Its trust policy must name the vpc-flow-logs.amazonaws.com service principal, and its permissions policy must allow logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents, logs:DescribeLogGroups and logs:DescribeLogStreams so that Flow Logs can publish to CloudWatch Logs.
  • Click Create flow log. A flow log created on the VPC covers every network interface in it, so one flow log captures both instances.

Analyze Flow Logs

  • Navigate to CloudWatch Logs.
  • Find your Log Group and click on it. Flow Logs creates one log stream per network interface, named after its ENI ID, so each instance's traffic lands in its own stream.
  • View the log streams to see the VPC traffic information. Expect a delay of several minutes before the first records appear: each record summarises a flow over the aggregation interval, and delivery adds further lag.
  • Each record in the default format has these space-separated fields: version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status. The action is ACCEPT or REJECT (REJECT means a security group or network ACL dropped the traffic), and log-status is OK, NODATA (no traffic in the interval) or SKIPDATA (some records were dropped). Use the filter box or CloudWatch Logs Insights to search on these fields. Keep in mind that Flow Logs do not record everything: traffic to the Amazon DNS resolver, DHCP traffic and instance metadata requests are not captured.

Test Traffic Between Instances

  • SSH into the public instance.
  • From the public instance, try to ping the private instance using its private IP.
  • Because the private instance's security group allows only TCP port 22 from the public instance, the ICMP echo requests are dropped. After a few minutes the private instance's log stream shows them as REJECT records with protocol 1 (ICMP), while the public instance's stream shows the same packets as ACCEPT, since its outbound rules allowed them to leave. To see an ACCEPT on the private side as well, either add an inbound ICMP rule (from the public instance only) to the private security group and ping again, or open an SSH connection from the public instance to the private one, which the existing rule permits.
  • Observe the Flow Logs in CloudWatch for both instances' network interfaces and compare the two views of the same traffic.
