Overview

Flow Logs lets you capture information about the IP traffic going to and from network interfaces in your VPC. Flow logs can be enabled at the VPC, subnet, or network interface level.

Configuration Templates

AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  FlowLogs:
    Type: 'AWS::EC2::FlowLog'
    Properties:
      ResourceType: VPC
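      ResourceId: ''  # required: ID of the VPC to capture traffic for
      TrafficType: ALL
      LogDestinationType: cloud-watch-logs
      # Ref (rather than the literal name) makes CloudFormation create the log group before the flow log
      LogGroupName:
        Ref: FlowLogsGroup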
      DeliverLogsPermissionArn:
        'Fn::GetAtt':
          - IamRoleForFlowLogs
          - Arn
  FlowLogsGroup:
    Type: 'AWS::Logs::LogGroup'
    Properties:
      LogGroupName: FlowLogs
  IamRoleForFlowLogs:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: iamRoleFlowLogsToCloudWatchLogs
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: ''
            Effect: Allow
            Principal:
              Service: vpc-flow-logs.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: allow-access-to-cw-logs
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                  - 'logs:DescribeLogGroups'
                  - 'logs:DescribeLogStreams'
                Resource: '*'
Parameters: {}
Metadata: {}
Conditions: {}
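
A tightened variant of the template above, as an added example that is not from the source page or from AWS: it takes the VPC ID and log retention as parameters, references the log group instead of repeating its name, and limits the delivery role to that one log group and to the current account. The parameter names `VpcId` and `RetentionInDays` and the 90-day default are assumptions, as is dropping `logs:CreateLogGroup` because the stack creates the group itself.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC Flow Logs to CloudWatch Logs (added example, not the page's template)
Parameters:
  VpcId:                      # assumed parameter name; replaces the empty ResourceId
    Type: 'AWS::EC2::VPC::Id'
  RetentionInDays:            # assumed parameter name and default
    Type: Number
    Default: 90
Resources:
  FlowLogsGroup:
    Type: 'AWS::Logs::LogGroup'
    Properties:
      LogGroupName: FlowLogs
      RetentionInDays: !Ref RetentionInDays   # without this, events never expire
  IamRoleForFlowLogs:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: vpc-flow-logs.amazonaws.com
            Action: 'sts:AssumeRole'
            Condition:          # only flow logs owned by this account may use the role
              StringEquals:
                'aws:SourceAccount': !Ref 'AWS::AccountId'
      Policies:
        - PolicyName: allow-access-to-cw-logs
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                  - 'logs:DescribeLogGroups'
                  - 'logs:DescribeLogStreams'
                Resource: !GetAtt FlowLogsGroup.Arn   # this group only, not '*'
  FlowLogs:
    Type: 'AWS::EC2::FlowLog'
    Properties:
      ResourceType: VPC
      ResourceId: !Ref VpcId
      TrafficType: ALL
      LogDestinationType: cloud-watch-logs
      LogGroupName: !Ref FlowLogsGroup   # implicit dependency on the log group
      DeliverLogsPermissionArn: !GetAtt IamRoleForFlowLogs.Arn
```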


Sources and Documentation

Configuration Source: AWS Documentation

Additional Documentation: