In the VPC Flow Logs Setup lab, we will configure VPC Flow Logs in AWS to monitor and analyze network traffic within a Virtual Private Cloud (VPC). We will create a VPC with public and private subnets, launch EC2 instances, and enable Flow Logs to capture traffic data, which is then sent to CloudWatch Logs for analysis. This lab provides hands-on experience in using VPC Flow Logs for security monitoring, troubleshooting, and gaining insights into network activity in AWS.
Summary:
- Create a VPC
- Create Subnets
- Create an Internet Gateway
- Configure Route Tables
- Launch EC2 Instances
- Enable VPC Flow Logs
- Analyze Flow Logs
- Test Traffic Between Instances
Create a VPC
- Login to AWS Management Console.
- Navigate to VPC under the Networking & Content Delivery section.
- Click on Create VPC.
- Name tag: vpc-flowlog-lab
- IPv4 CIDR block: 10.0.0.0/24
- Leave the rest of the settings as default and click Create VPC.
Create Subnets
In your VPC, create two subnets:
Public Subnet:
- Name tag: PublicSubnet
- Availability Zone: Choose any available one
- IPv4 CIDR block: 10.0.0.0/25
Private Subnet:
- Name tag: PrivateSubnet
- Availability Zone: Same as the public subnet
- IPv4 CIDR block: 10.0.0.128/25
Create an Internet Gateway
- Navigate to Internet Gateways.
- Click Create internet gateway.
- Name tag: vpc-flowlog-igw
- Attach this Internet Gateway to your VPC.
Configure Route Tables
Public Route Table:
- Name tag: PublicRouteTable
- Associate it with the Public Subnet.
- Edit routes: Add a route with the destination 0.0.0.0/0 and the target as the Internet Gateway.
Private Route Table:
- Name tag: PrivateRouteTable
- Associate it with the Private Subnet.
- No need to add any routes to the Internet Gateway.
Launch EC2 Instances
Public EC2 Instance:
- Launch an EC2 instance in the Public Subnet.
- Instance Type: t2.micro
- Security Group: Allow inbound SSH (22) and HTTP (80) traffic.
Private EC2 Instance:
- Launch another EC2 instance in the Private Subnet.
- Instance Type: t2.micro
- Security Group: Allow inbound SSH (22) only from the Public EC2 instance's private IP.
Enable VPC Flow Logs
- Navigate to the VPC Dashboard.
- Select Flow Logs under Your VPCs.
- Click Create flow log.
- Filter: Choose All to capture all traffic (you can also choose Reject or Accept depending on your needs).
- Destination: Choose Send to CloudWatch Logs.
- Log Group Name: Create a new log group (e.g., vpc-flowlog-lab-logs).
- IAM Role: If you don’t have a role, create one with the necessary permissions (the IAM role should allow VPC Flow Logs to publish to CloudWatch Logs).
- Click Create flow log.
Analyze Flow Logs
- Navigate to CloudWatch Logs.
- Find your Log Group and click on it.
- View the log streams to see the VPC traffic information.
- You can filter and analyze the logs to see traffic details, such as source/destination IPs, traffic accept/reject status, etc.
Test Traffic Between Instances
- SSH into the public instance.
- From the public instance, try to ping the private instance using its private IP.
- Observe the Flow Logs in CloudWatch to see the traffic being logged.
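The log lines you see in CloudWatch are in the default flow log record format (version 2): version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status. The following Python script is an added example, not part of the lab, that parses records in that format and answers the two questions the "Analyze Flow Logs" and "Test Traffic Between Instances" steps ask: which ICMP flows came from the ping between the public and private instances, and which REJECT records came from addresses outside the VPC. The sample records, the account id, the ENI id, the timestamps and the instance IPs (10.0.0.10 in the public subnet, 10.0.0.140 in the private subnet) are all constructed for the example; the external addresses use RFC 5737 documentation ranges.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Default VPC Flow Log record layout (format version 2), space separated.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]

ICMP, TCP = 1, 6  # IANA protocol numbers as they appear in the "protocol" field
VPC_CIDR = ipaddress.ip_network("10.0.0.0/24")  # the lab VPC from the steps above

# Constructed sample records (not real log data): account id, ENI id, ports,
# timestamps and the external 203.0.113.x / 198.51.100.x sources are made up.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.0.10 10.0.0.140 0 0 1 4 336 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.0.140 10.0.0.10 0 0 1 4 336 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.0.10 10.0.0.140 51234 22 6 12 2048 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.7 10.0.0.10 40001 22 6 1 44 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.9 10.0.0.10 40002 22 6 1 44 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.7 10.0.0.10 40003 3389 6 1 44 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000120 1700000180 - NODATA
"""


@dataclass
class FlowRecord:
    srcaddr: str
    dstaddr: str
    srcport: Optional[int]
    dstport: Optional[int]
    protocol: Optional[int]
    packets: int
    bytes: int
    action: str
    log_status: str


def _num(value: str) -> Optional[int]:
    # NODATA / SKIPDATA records carry "-" in the traffic fields.
    return None if value == "-" else int(value)


def parse_record(line: str) -> FlowRecord:
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    f = dict(zip(FIELDS, parts))
    return FlowRecord(
        srcaddr=f["srcaddr"], dstaddr=f["dstaddr"],
        srcport=_num(f["srcport"]), dstport=_num(f["dstport"]),
        protocol=_num(f["protocol"]),
        packets=_num(f["packets"]) or 0, bytes=_num(f["bytes"]) or 0,
        action=f["action"], log_status=f["log_status"],
    )


def parse_log(text: str) -> List[FlowRecord]:
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def traffic_records(records: List[FlowRecord]) -> List[FlowRecord]:
    # NODATA/SKIPDATA rows describe the capture window, not traffic; drop them.
    return [r for r in records if r.log_status == "OK"]


def rejects_from_outside_vpc(records: List[FlowRecord]) -> Counter:
    """Count REJECT records per source address for sources outside the VPC CIDR.
    These are the security group / network ACL denials a defender reviews first."""
    counts: Counter = Counter()
    for r in traffic_records(records):
        if r.action == "REJECT" and ipaddress.ip_address(r.srcaddr) not in VPC_CIDR:
            counts[r.srcaddr] += 1
    return counts


def rejected_ports(records: List[FlowRecord]) -> Counter:
    """Destination ports that were rejected, to see what outsiders probed."""
    return Counter(r.dstport for r in traffic_records(records) if r.action == "REJECT")


def icmp_between(records: List[FlowRecord], a: str, b: str) -> List[FlowRecord]:
    """ICMP flows in either direction between two hosts, i.e. the lab's ping test."""
    return [r for r in traffic_records(records)
            if r.protocol == ICMP and {r.srcaddr, r.dstaddr} == {a, b}]


def summarize(text: str, public_ip: str, private_ip: str) -> dict:
    records = parse_log(text)
    ok = traffic_records(records)
    return {
        "records": len(records),
        "traffic_records": len(ok),
        "external_rejects": dict(rejects_from_outside_vpc(records)),
        "rejected_ports": dict(rejected_ports(records)),
        "icmp_flows": len(icmp_between(records, public_ip, private_ip)),
        "bytes_accepted": sum(r.bytes for r in ok if r.action == "ACCEPT"),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, "10.0.0.10", "10.0.0.140").items():
        print(f"{key}: {value}")
```

Two things worth noticing when you run this against real records from the lab: each ping shows up as two ICMP flows (one per direction) because flow logs are recorded per ENI and per direction, and a REJECT record only tells you that a security group or network ACL dropped the traffic, not which one; the rejected destination ports are usually the quicker hint about what was being tried against the public instance.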