VPC Flow Logs Configuration
- Open VPC from the AWS console and select VPCs
- Select the VPC you wish to ingest logs from, select Flow logs, then Create flow log
- Complete the VPC flow log configuration by entering the appropriate name, filter, destination, log group, and IAM role. Note: if an existing role hasn’t been configured, clicking Set up permissions will aid in creating this for you, as pictured in the following step.
- If a service role for allowing VPC Flow Logs to put logs into a CloudWatch log group does not already exist, use the below as a guide for creating that IAM configuration by clicking Set up permissions as pictured in the previous image.
- Repeat for each VPC you wish to ingest logs from (using the same IAM role)
Now that you’ve configured AWS: VPC Flow Logs for Blumira, continue to the next step in configuring AWS for Blumira – configure AWS: GuardDuty >