Send data via VPC Flow Logs to your Logstash instance provided by Logit.io

VPC Flow Logs

Ship logs from VPC to logstash

Step 1 - Confirm S3 Bucket

Ensure your logs are being sent to an S3 bucket. The following guide from Amazon will help you achieve this if you are not doing this already, you can choose the best way to achieve this, but cloudwatch or cloudtrail are a great place to start:

VPC Flow Logs

Step 2 - Ensure Adequate Bucket Permissions

The following permissions applied to the AWS IAM Policy being used:

  • s3:ListBucket to check if the S3 bucket exists and list objects in it.
  • s3:GetObject to check object metadata and download objects from S3 buckets.

Below is how your permissions should appear:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SidID",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
             ],
            "Resource": [
                "arn:aws:s3:::your-bucket/*"
            ]
        }
    ]
 }

Step 3 - Start Sending Logs to a Stack

To start sending logs from VPC Flow to your stack you need to setup and apply an AWS input on an available stack.

Logit.io will verify your input before it is applied this should be actioned in less than 24 hours, we will contact you to verify.

Login

Step 4 - VPC Flow Logs Overview

Using AWS VPC Flow Logs enables you to capture key information about the IP traffic interacting with network interfaces in your virtual private cloud. This data often includes protocols used for sending log data, source & destination IPs, account & network IDs, as well as log record statuses.

Amazon’s VPC technology is hugely flexible & is relied on by DevOps to ensure visibility when building a large number of public and private facing assets for testing and development.

The information stored in flow logs can allow your team to easily answer questions around repeat sessions, geographic patterns of network traffic & where attempts have been made to try and breach security vulnerabilities in your applications.

VPC flow logs can be easily indexed with our platform using Logstash, allowing you to visualise and report on activity across services & identify bottlenecks in Amazon Web Services. Efficiently monitoring this data is critical for maintaining compliance in AWS among cloud, microservices, and virtual infrastructure.

If you need any further assistance with analysing your VPC flow logs we're here to help you get started. Feel free to reach out by contacting our support team by visiting our dedicated Help Centreor via live chat & we'll be happy to assist.

If you need any further assistance with analysing your VPC flexibleow logs we're here to help you get started. Feel free to reach out by contacting our support team by visiting our dedicated Help Centre or via live chat & we'll be happy to assist.

expand view

Expand View

compact view

Compact View

Return to Search
Sign Up