LAB : Create VPC Flow Logs and Generate Traffic

LAB: Create an AWS VPC and VPC Flow Logs.

Topology:

Refer below Topology to configure VPC Flow logs.

Task:

• Create CloudWatch Logs
• Create an IAM Policy along with Create an IAM Role.
• Create a VPC: use default VPC with CIDR 172.31.0.0/16.
• Create an Internet Gateway (Use Default IGW) and attach to it.
• Create a Subnet (Use default Subnet for that VPC).
• Create VPC Flow Logs and Create an EC2 Instance Dclessons-FlowLogs-EC2.
• Generating Traffic and View log events in CloudWatch Log groups.

Solution:

Go to AWS Services | Management & Governance | Select CloudWatch

Under Cloud Watch | Logs : Log Groups : Click Create Log Groups

Under Log Groups Details : Name: Dclessons-Logs Keep all items by default | Click Create

Go to IAM Section | Under Policies | Click Create Policies

Select JSON and clear the existing text in the editor and paste the code below and click on Next:Tags

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Action": [

                "logs:CreateLogGroup",

                "logs:CreateLogStream",

                "logs:PutLogEvents",

                "logs:DescribeLogGroups",

                "logs:Describe*",

                "logs:DescribeLogStreams"

            ],

            "Effect": "Allow",

            "Resource": "*"

        }

    ]

}

Add Tags: No changes needed, click on Next: Review.

Under review Policy | Name: Dclessons-Policy | Click Create Policy

Go to IAM Roles , Under Roles | Click Create Roles | Select AWS Service and under usecase : Select EC2 | Click Next.