DEV Community

mahpara jabbar
VPC Flow Logs Setup

In the VPC Flow Logs Setup lab, we will configure VPC Flow Logs in AWS to monitor and analyze network traffic within a Virtual Private Cloud (VPC). We will create a VPC with public and private subnets, launch EC2 instances, and enable Flow Logs to capture traffic metadata, which is then sent to CloudWatch Logs for analysis. This lab provides hands-on experience in using VPC Flow Logs for security monitoring, troubleshooting, and gaining insight into network activity in AWS.

Summary:

  • Create a VPC
  • Create Subnets
  • Create an Internet Gateway
  • Configure Route Tables
  • Launch EC2 Instances
  • Enable VPC Flow Logs
  • Analyze Flow Logs
  • Test Traffic Between Instances

Create a VPC

  • Login to AWS Management Console.
  • Navigate to VPC under the Networking & Content Delivery section.
  • Click on Create VPC.
  • Name tag: vpc-flowlog-lab
  • IPv4 CIDR block: 10.0.0.0/24
  • Leave the rest of the settings as default and click Create VPC.


Create Subnets

In your VPC, create two subnets:

Public Subnet:

  • Name tag: PublicSubnet
  • Availability Zone: Choose any available one
  • IPv4 CIDR block: 10.0.0.0/25

Private Subnet:

  • Name tag: PrivateSubnet
  • Availability Zone: Same as the public subnet
  • IPv4 CIDR block: 10.0.0.128/25


Create an Internet Gateway

  • Navigate to Internet Gateways.
  • Click Create internet gateway.
  • Name tag: vpc-flowlog-igw
  • Attach this Internet Gateway to your VPC.

Configure Route Tables

Public Route Table:

  • Name tag: PublicRouteTable
  • Associate it with the Public Subnet.
  • Edit routes: Add a route with the destination 0.0.0.0/0 and the target as the Internet Gateway.


Private Route Table:

  • Name tag: PrivateRouteTable
  • Associate it with the Private Subnet.
  • No need to add any routes to the Internet Gateway.

Launch EC2 Instances

Public EC2 Instance:

  • Launch an EC2 instance in the Public Subnet.
  • Instance Type: t2.micro
  • Security Group: Allow inbound SSH (22) and HTTP (80) traffic.

Private EC2 Instance:

  • Launch another EC2 instance in the Private Subnet.
  • Instance Type: t2.micro
  • Security Group: Allow inbound SSH (22) only from the Public EC2 instance's private IP.

Enable VPC Flow Logs

  • Navigate to the VPC Dashboard.
  • Select Flow Logs under Your VPCs.
  • Click Create flow log.
  • Filter: Choose All to capture all traffic (you can also choose Reject or Accept depending on your needs).
  • Destination: Choose Send to CloudWatch Logs.
  • Log Group Name: Create a new log group (e.g., vpc-flowlog-lab-logs).
  • IAM Role: If you don’t have a role, create one with the necessary permissions (the IAM role should allow VPC Flow Logs to publish to CloudWatch Logs).
  • Click Create flow log.
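The console steps above (VPC, subnets, internet gateway, route tables, IAM role and flow log) as one boto3 script. This is an added example, not code from the post: the resource names and CIDR blocks are the ones the post uses, while the role name, the policy-name string, the function names and the decision to leave instance launch to the console are this example's own assumptions. The subnet check and the two policy builders are pure functions, so they run without AWS access; only build_lab() needs credentials and boto3.

```python
"""Added example, not the post's own code: build the lab network with boto3
and turn on Flow Logs. Names and CIDRs are those used in the post; the
IAM role name and the function names are this example's own assumptions.
boto3 is imported lazily so the pure helpers run without it installed."""
import ipaddress
import json

VPC_CIDR = "10.0.0.0/24"
SUBNETS = {"PublicSubnet": "10.0.0.0/25", "PrivateSubnet": "10.0.0.128/25"}
LOG_GROUP = "vpc-flowlog-lab-logs"
ROLE_NAME = "vpc-flowlog-lab-role"   # assumed name, not given in the post


def subnet_plan(vpc_cidr=VPC_CIDR, subnets=SUBNETS):
    """Validate that every subnet lies inside the VPC block and that no two
    subnets overlap; returns the {name: CIDR} mapping unchanged."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            raise ValueError(f"{name} {net} is outside VPC {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} and {b} overlap")
    return subnets


def flow_log_trust_policy():
    """Trust policy: only the VPC Flow Logs service may assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "vpc-flow-logs.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}


def flow_log_permissions_policy(log_group_arn):
    """Permissions policy: the write actions are scoped to the lab log group
    (and its streams); listing log groups keeps a wildcard resource."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
                    "logs:PutLogEvents", "logs:DescribeLogStreams"],
         "Resource": [log_group_arn, log_group_arn + ":*"]},
        {"Effect": "Allow", "Action": "logs:DescribeLogGroups",
         "Resource": "*"}]}


def build_lab(region):
    """Create the VPC, subnets, internet gateway, route tables, IAM role and
    flow log (instances are left to the console steps). Needs AWS
    credentials; returns the ids that were created."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    iam, sts = boto3.client("iam"), boto3.client("sts")
    az = ec2.describe_availability_zones()["AvailabilityZones"][0]["ZoneName"]

    def tag(resource_id, name):
        ec2.create_tags(Resources=[resource_id],
                        Tags=[{"Key": "Name", "Value": name}])

    vpc_id = ec2.create_vpc(CidrBlock=VPC_CIDR)["Vpc"]["VpcId"]
    tag(vpc_id, "vpc-flowlog-lab")
    subnet_ids = {}
    for name, cidr in subnet_plan().items():
        sub = ec2.create_subnet(VpcId=vpc_id, CidrBlock=cidr,
                                AvailabilityZone=az)["Subnet"]["SubnetId"]
        tag(sub, name)
        subnet_ids[name] = sub
    igw_id = ec2.create_internet_gateway()["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)
    for name, sub in subnet_ids.items():
        rt_id = ec2.create_route_table(VpcId=vpc_id)["RouteTable"]["RouteTableId"]
        tag(rt_id, name.replace("Subnet", "RouteTable"))
        ec2.associate_route_table(RouteTableId=rt_id, SubnetId=sub)
        if name == "PublicSubnet":   # only the public table gets a default route
            ec2.create_route(RouteTableId=rt_id, DestinationCidrBlock="0.0.0.0/0",
                             GatewayId=igw_id)

    account = sts.get_caller_identity()["Account"]
    log_group_arn = f"arn:aws:logs:{region}:{account}:log-group:{LOG_GROUP}"
    role_arn = iam.create_role(
        RoleName=ROLE_NAME,
        AssumeRolePolicyDocument=json.dumps(flow_log_trust_policy()))["Role"]["Arn"]
    iam.put_role_policy(RoleName=ROLE_NAME, PolicyName="flowlogs-to-cloudwatch",
                        PolicyDocument=json.dumps(flow_log_permissions_policy(log_group_arn)))
    resp = ec2.create_flow_logs(
        ResourceType="VPC", ResourceIds=[vpc_id], TrafficType="ALL",
        LogDestinationType="cloud-watch-logs", LogGroupName=LOG_GROUP,
        DeliverLogsPermissionArn=role_arn)
    # A new role can take a few seconds to propagate: an entry in Unsuccessful
    # means the flow log was not created and the call should be retried.
    return {"vpc": vpc_id, "subnets": subnet_ids, "igw": igw_id,
            "flow_log_ids": resp.get("FlowLogIds", []),
            "unsuccessful": resp.get("Unsuccessful", [])}
```

Call build_lab("us-east-1") (or your region) with credentials that can create VPC and IAM resources, and check that the returned unsuccessful list is empty before moving on to CloudWatch. The trust policy is deliberately narrow: only vpc-flow-logs.amazonaws.com can assume the delivery role, and the role can write only to the lab log group.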

Analyze Flow Logs

  • Navigate to CloudWatch Logs.
  • Find your Log Group and click on it.
  • View the log streams to see the VPC traffic information.
  • You can filter and analyze the logs to see traffic details, such as source/destination IPs, traffic accept/reject status, etc.

Test Traffic Between Instances

  • SSH into the public instance.
  • From the public instance, try to ping the private instance using its private IP.
  • Observe the Flow Logs in CloudWatch to see the traffic being logged.
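A small parser for the records you will see in the log streams, added here as an example (not code from the post). It handles the default version-2 field order, skips NODATA/SKIPDATA records, and splits REJECT records into those with an in-VPC source (usually a security group or NACL blocking traffic you expected) and those from outside (unsolicited probes). The sample lines are constructed for this example: with the private instance's security group allowing only SSH from the public instance, the ping from the last step shows up as ACCEPT on the public instance's interface and REJECT on the private one, because flow logs are recorded per network interface, not per connection.

```python
"""Added example (not part of the original post): parse VPC Flow Log records
in the default (version 2) format and separate internal from external
rejects. The log lines below are constructed for this example."""
from dataclasses import dataclass
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/24")   # the lab VPC from the post
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}   # IANA protocol numbers

# Default field order of a version-2 flow log record
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: a ping from the public instance (eni-0aaa) to the
# private one (eni-0bbb) leaves the public ENI as ACCEPT and is REJECTed on
# the private ENI because its security group only permits TCP/22; SSH on 22
# is accepted on both ENIs; an internet host probing 3389 is rejected; the
# last record carries no traffic data (log-status NODATA).
SAMPLE_LOG = """\
2 123456789012 eni-0aaa 10.0.0.10 10.0.0.140 0 0 1 4 336 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb 10.0.0.10 10.0.0.140 0 0 1 4 336 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa 10.0.0.10 10.0.0.140 49152 22 6 12 1500 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb 10.0.0.10 10.0.0.140 49152 22 6 12 1500 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 198.51.100.7 10.0.0.10 51234 3389 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa - - - - - - - 1700000000 1700000060 - NODATA
"""


@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    start: int
    end: int
    action: str

    @property
    def proto_name(self):
        return PROTO_NAMES.get(self.protocol, str(self.protocol))


def parse_line(line):
    """Return a FlowRecord, or None for NODATA/SKIPDATA records whose
    traffic fields are '-' and carry nothing to analyse."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    return FlowRecord(
        interface_id=rec["interface_id"],
        srcaddr=rec["srcaddr"], dstaddr=rec["dstaddr"],
        srcport=int(rec["srcport"]), dstport=int(rec["dstport"]),
        protocol=int(rec["protocol"]), packets=int(rec["packets"]),
        bytes=int(rec["bytes"]), start=int(rec["start"]), end=int(rec["end"]),
        action=rec["action"])


def summarize(log_text, vpc_cidr=VPC_CIDR):
    """Count ACCEPT/REJECT/skipped records and split rejects into internal
    (source inside the VPC: usually a security group or NACL blocking
    expected traffic) and external (source outside the VPC)."""
    counts = {"accept": 0, "reject": 0, "skipped": 0}
    internal, external = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            counts["skipped"] += 1
            continue
        counts[rec.action.lower()] += 1
        if rec.action == "REJECT":
            flow = (rec.srcaddr, rec.dstaddr, rec.dstport, rec.proto_name)
            src_internal = ipaddress.ip_address(rec.srcaddr) in vpc_cidr
            (internal if src_internal else external).append(flow)
    return {**counts, "internal_rejects": internal, "external_rejects": external}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it the text of a downloaded log stream (or lines pulled with the CloudWatch Logs filter) in place of SAMPLE_LOG. An internal REJECT for a flow you intended to allow points at a security group or network ACL rule, which in the lab is the ICMP echo the private instance's group does not permit; external REJECTs on the public instance are the background noise every internet-facing interface collects and are worth watching for volume rather than for individual entries.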
