A step-by-step guide to building a network-monitored environment in AWS


VPC Flow Logs

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3.

Amazon Athena

Amazon Athena is an interactive query service that lets you analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.

Amazon CloudWatch

CloudWatch is the AWS monitoring service for logs and metrics: it collects log data and metrics from your AWS resources, lets you define alarms on them, and integrates with many other AWS services, which is what gives you observability over your environment.

What we will build

By the end of this guide, we will have a properly monitored network environment in our VPC. To get there, we will learn how to use and integrate the AWS services listed above to analyze network traffic and to get notified about threats. 🧐


Enabling VPC Flow Log and integrating it with S3

Navigate to S3 and create a bucket. Give it a name and copy the bucket ARN; we'll use it later on.

  • Create the bucket in the same region as your VPC.
  • Enable encryption: flow logs are sensitive data.

There is a lot to say about server-side encryption in S3. To stay focused, select the AES-256 option (SSE-S3) and carry on; I'll reference some links about it at the end of this article. If you prefer SSE-KMS instead, be aware that the key policy must also allow the log delivery service to use the key, or deliveries will fail.

Navigate to your VPC and click on the Create flow log button.

  • In the Filter option, select All.
  • At Destination, select Send to an S3 bucket and enter the ARN of the bucket you created earlier.
  • Leave everything else as is and create the flow log.

AWS will automatically attach a resource policy to your bucket that grants the log delivery service the permissions it needs to write flow logs. After a few minutes, check the flow log's status in the VPC console and confirm that objects are appearing in the bucket; if you later edit the bucket policy, keep the statements AWS added or delivery will stop.
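The same bucket and flow log setup done with the AWS CLI, as an added example that is not part of the original post. It assumes the aws CLI is installed with credentials for the account, and takes the VPC ID, bucket name, region and an optional key prefix as arguments; the argument layout and the function names are assumptions of this script, not AWS conventions. It goes slightly beyond the console steps above: it also blocks public access on the bucket, and at the end it prints the resource policy AWS attached and the flow log's delivery status so you can verify the setup.

```shell
#!/bin/sh
# Added example, not code from the original post. Reproduces the console
# steps (bucket in the VPC's region, SSE-S3/AES-256, flow log with
# Filter=ALL sent to S3) with the aws CLI, then verifies the result.
# Assumed inputs: <vpc-id> <bucket-name> <region> [prefix].
set -eu

# Build the destination ARN the flow log expects from a bucket name and
# an optional key prefix (pure string work, no AWS call). A prefix gets a
# trailing slash so logs land under it rather than next to it.
flowlog_destination_arn() {
  bucket="$1"
  prefix="${2:-}"
  if [ -n "$prefix" ]; then
    printf 'arn:aws:s3:::%s/%s/\n' "$bucket" "${prefix%/}"
  else
    printf 'arn:aws:s3:::%s\n' "$bucket"
  fi
}

# Create the bucket in the VPC's region, deny all public access, and turn
# on SSE-S3 (the AES-256 option in the console) as the default encryption.
# us-east-1 must not receive a LocationConstraint; every other region must.
create_log_bucket() {
  bucket="$1"; region="$2"
  if [ "$region" = "us-east-1" ]; then
    aws s3api create-bucket --bucket "$bucket" --region "$region"
  else
    aws s3api create-bucket --bucket "$bucket" --region "$region" \
      --create-bucket-configuration LocationConstraint="$region"
  fi
  aws s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
  aws s3api put-bucket-encryption --bucket "$bucket" \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
}

# Create the flow log for the whole VPC: Filter = ALL (accepted and
# rejected traffic), destination = the S3 bucket. Prints the flow log ID.
create_vpc_flow_log() {
  vpc_id="$1"; dest_arn="$2"; region="$3"
  aws ec2 create-flow-logs --region "$region" \
    --resource-type VPC --resource-ids "$vpc_id" \
    --traffic-type ALL \
    --log-destination-type s3 --log-destination "$dest_arn" \
    --query 'FlowLogIds' --output text
}

# Verification: show the bucket policy AWS attached for the log delivery
# service, and the flow log's status (expect ACTIVE) and delivery status.
verify_setup() {
  bucket="$1"; flow_log_id="$2"; region="$3"
  aws s3api get-bucket-policy --bucket "$bucket" --query Policy --output text
  aws ec2 describe-flow-logs --region "$region" --flow-log-ids "$flow_log_id" \
    --query 'FlowLogs[0].[FlowLogStatus,DeliverLogsStatus,LogDestination]' \
    --output text
}

# Usage: sh setup-flow-logs.sh <vpc-id> <bucket-name> <region> [prefix]
# Nothing runs against AWS unless the three required arguments are given.
if [ "$#" -ge 3 ]; then
  dest="$(flowlog_destination_arn "$2" "${4:-}")"
  create_log_bucket "$2" "$3"
  fl_id="$(create_vpc_flow_log "$1" "$dest" "$3")"
  verify_setup "$2" "$fl_id" "$3"
fi
```

The public-access block is not required for flow log delivery, but there is no reason for a bucket holding network metadata to ever be reachable publicly, so it belongs in the same step. If `DeliverLogsStatus` comes back as anything other than SUCCESS, the bucket policy or (with SSE-KMS) the key policy is the first thing to check.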
