Guided Walkthroughs
Step-by-step configuration wizards for your environment
Enable VPC Flow Logs for an existing VPC, subnet or network interface. Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC.
Provide the following details to complete the template:
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  FlowLogs:
    Type: "AWS::EC2::FlowLog"
    Properties:
      ResourceType: "VPC"
      # ID of the existing VPC to monitor
      ResourceId: ""
      TrafficType: "ALL"
      LogDestinationType: "cloud-watch-logs"
      # ARN of the CloudWatch Logs log group that receives the records
      LogDestination: ""
      DeliverLogsPermissionArn:
        Fn::GetAtt:
          - "IamRoleForFlowLogs"
          - "Arn"
  IamRoleForFlowLogs:
    Type: "AWS::IAM::Role"
    Properties:
      # Trust policy: only the VPC Flow Logs service may assume this role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: ""
            Effect: "Allow"
            Principal:
              Service: "vpc-flow-logs.amazonaws.com"
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: "allow-access-to-cw-logs"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                  - "logs:DescribeLogGroups"
                  - "logs:DescribeLogStreams"
                # "*" covers every log group in the account; narrow it to the
                # destination log group's ARN where possible
                Resource: "*"
Parameters: {}
Metadata: {}
Conditions: {}