You're reading from AWS Security Cookbook Practical solutions for securing AWS cloud infrastructure with essential services and best practices

Product type Paperback

Published in Oct 2024

Publisher Packt

ISBN-13 9781835081891

Length 428 pages

Edition 2nd Edition

Concepts

Cloud Security

Author (1):

Kanikathottu

Preface

1. Chapter 1: Setting Up AWS Accounts and Organization

2. Chapter 2: Access Management with IAM Policies and Roles FREE CHAPTER

3. Chapter 3: Key Management with KMS and CloudHSM

4. Chapter 4: Securing Data on S3 with Policies and Techniques

5. Chapter 5: Network and EC2 Security with VPCs

6. Chapter 6: Web Security Using Certificates, CDNs, and Firewalls

7. Chapter 7: Monitoring with CloudWatch, CloudTrail, and Config

8. Chapter 8: Compliance with GuardDuty, Macie, Inspector, and Analyzer

9. Chapter 9: Advanced Identity and Directory Management

10. Chapter 10: Additional Services and Practices for AWS Security

11. Index

12. Other Books You May Enjoy

Configuring and using VPC flow logs

In this recipe, we will enable flow logs at the VPC level.

We need the following resources for completing the steps within this recipe:

A CloudWatch log group will be needed. The detailed steps are provided later in this section.
We need to set up a VPC. If one hasn’t been created previously, please refer to the Creating a bare VPC and setting up public and private subnets recipe.
An IAM role with permissions to publish to the CloudWatch log group with full access will also be needed.

We can perform the following steps to create a CloudWatch log group:

Go to the CloudWatch service in the AWS console.
Click on Logs from the left sidebar.
Click on Log groups and click on Create log group.
Give the log group a name that describes its purpose, keep the other values as their defaults, and click on Create.