A step-by-step guide to building a network-monitored environment in AWS
VPC Flow Logs is a feature that captures metadata about the IP traffic going to and from network interfaces in your VPC: source and destination addresses and ports, protocol, packet and byte counts, and whether the security groups and network ACLs accepted or rejected the flow. It does not capture packet payloads. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3.
Amazon Athena is an interactive query service for analysing data in Amazon S3 with standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries you run.
CloudWatch collects logs and metrics from your AWS resources, lets you search, filter and graph them, and raises alarms that can notify you or trigger other AWS services when a threshold is crossed.
By the end of this guide we will have a VPC whose network traffic is captured, queryable and monitored. To get there, we will learn how to use and integrate the AWS services listed above so that we can analyse network traffic and get notified about threats. 🧐
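Before the pipeline is wired up, it helps to know what a flow log record actually looks like and what "analysing traffic for threats" means in practice. The following is an added example (not code from the original article): a parser for the default version 2 record format as written to S3 (a header line naming the fields, then one space-separated record per line, with `-` in fields that have no value for NODATA/SKIPDATA records), followed by a simple detection that flags a source whose rejected flows touched several distinct destination ports, which is what a port scan looks like in flow logs. The log lines, account ID and ENI ID are constructed placeholders.

```python
"""Parse VPC Flow Log records (default version 2 format) and flag suspicious sources.

Added example, not code from the original article. The log lines below are
constructed for illustration; the account ID and ENI ID are placeholders."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Field order of the default (version 2) record, as written to S3 by VPC Flow Logs.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample: an S3 log object starts with a header line naming the fields.
SAMPLE_LOG = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.0.10 51234 22 6 20 4249 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.0.10 40001 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.0.10 40002 23 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.0.10 40003 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.0.10 40004 445 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.0.10 51235 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000060 1700000120 - NODATA
"""


@dataclass(frozen=True)
class FlowRecord:
    account_id: str
    interface_id: str
    srcaddr: Optional[str]      # None when the record carries no flow (NODATA/SKIPDATA)
    dstaddr: Optional[str]
    srcport: Optional[int]
    dstport: Optional[int]
    protocol: Optional[int]     # IANA protocol number, e.g. 6 = TCP
    packets: int
    bytes: int
    start: int                  # Unix seconds, start of the aggregation window
    end: int
    action: Optional[str]       # ACCEPT / REJECT, None for NODATA/SKIPDATA
    log_status: str             # OK / NODATA / SKIPDATA


def _opt_str(v: str) -> Optional[str]:
    return None if v == "-" else v


def _opt_int(v: str) -> Optional[int]:
    return None if v == "-" else int(v)


def parse_flow_logs(lines: Iterable[str]) -> List[FlowRecord]:
    """Parse raw flow log lines; skips the header and blank lines, rejects malformed ones."""
    records = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("version "):
            continue
        parts = line.split()
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
        f = dict(zip(FIELDS, parts))
        if f["version"] != "2":
            raise ValueError(f"unsupported flow log version {f['version']!r}")
        records.append(FlowRecord(
            account_id=f["account_id"], interface_id=f["interface_id"],
            srcaddr=_opt_str(f["srcaddr"]), dstaddr=_opt_str(f["dstaddr"]),
            srcport=_opt_int(f["srcport"]), dstport=_opt_int(f["dstport"]),
            protocol=_opt_int(f["protocol"]),
            packets=_opt_int(f["packets"]) or 0, bytes=_opt_int(f["bytes"]) or 0,
            start=int(f["start"]), end=int(f["end"]),
            action=_opt_str(f["action"]), log_status=f["log_status"],
        ))
    return records


def find_port_scanners(records: Iterable[FlowRecord], min_ports: int = 3) -> Dict[str, List[int]]:
    """Sources whose REJECTed flows hit at least min_ports distinct destination ports."""
    rejected: Dict[str, set] = defaultdict(set)
    for r in records:
        if r.action == "REJECT" and r.srcaddr is not None and r.dstport is not None:
            rejected[r.srcaddr].add(r.dstport)
    return {src: sorted(ports) for src, ports in rejected.items() if len(ports) >= min_ports}


def log_status_counts(records: Iterable[FlowRecord]) -> Dict[str, int]:
    """NODATA is normal on an idle interface; SKIPDATA means records were dropped and visibility was lost."""
    return dict(Counter(r.log_status for r in records))


if __name__ == "__main__":
    recs = parse_flow_logs(SAMPLE_LOG.splitlines())
    print(f"{len(recs)} records, status counts: {log_status_counts(recs)}")
    for src, ports in find_port_scanners(recs).items():
        print(f"ALERT possible port scan from {src}: rejected on ports {ports}")
```

The same grouping (rejected flows per source, distinct destination ports) is what you would later express as an Athena query over the S3 objects; the parser exists so you can test the detection logic locally on a downloaded, gunzipped log object before spending money on queries. Note that a single REJECT from an internal host (10.0.1.25 above) is not flagged: the threshold, not the action alone, carries the signal.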
Navigate to S3 and create a bucket. Give it a name and copy the bucket ARN; we will use it later on.
There is a lot to say about server-side encryption in S3. To stay focused, select the AES-256 (SSE-S3) option and carry on; I will reference some links about it at the end of this article. If you choose SSE-KMS with a customer managed key instead, the key policy must also allow the log delivery service to use the key, otherwise deliveries will fail.
Navigate to your VPC and click on the Create flow log button.
Normally AWS automatically adds a resource policy to your bucket that grants the log delivery service (delivery.logs.amazonaws.com) the permissions VPC Flow Logs needs. If the bucket belongs to another account you have to add that policy yourself, and in either case it is worth checking what the policy contains.
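As an added example (not the article's own code, and not AWS's own implementation), the block below builds a bucket policy with the two grants flow log delivery needs, object writes into the `AWSLogs/<account-id>/` key space and a bucket ACL check, both restricted with `aws:SourceAccount` and `aws:SourceArn` so that another account cannot point its own flow logs at your bucket, and then checks an arbitrary policy document for those grants. Use the checker on the policy AWS created for you (or on one you inherited) before trusting it. The bucket name, account ID and region are placeholders.

```python
"""Build and check the S3 bucket policy that VPC Flow Logs needs to deliver into a bucket.

Added example, not the article's own code. Bucket name, account ID and region
used at the bottom are placeholders."""
import json
from typing import Any, Callable, Dict, List, Optional

LOG_DELIVERY_SERVICE = "delivery.logs.amazonaws.com"


def flow_log_bucket_policy(bucket: str, account_id: str, region: str,
                           prefix: Optional[str] = None) -> Dict[str, Any]:
    """Policy with the two grants flow log delivery requires, scoped with
    aws:SourceAccount / aws:SourceArn so only this account's log delivery can use it."""
    key_prefix = f"{prefix.strip('/')}/" if prefix else ""
    source_arn = f"arn:aws:logs:{region}:{account_id}:*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSLogDeliveryWrite",
                "Effect": "Allow",
                "Principal": {"Service": LOG_DELIVERY_SERVICE},
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/{key_prefix}AWSLogs/{account_id}/*",
                "Condition": {
                    "StringEquals": {
                        "s3:x-amz-acl": "bucket-owner-full-control",
                        "aws:SourceAccount": account_id,
                    },
                    "ArnLike": {"aws:SourceArn": source_arn},
                },
            },
            {
                "Sid": "AWSLogDeliveryAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": LOG_DELIVERY_SERVICE},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {
                    "StringEquals": {"aws:SourceAccount": account_id},
                    "ArnLike": {"aws:SourceArn": source_arn},
                },
            },
        ],
    }


def _as_list(value: Any) -> List[Any]:
    """IAM policy documents allow either a single string or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants(stmt: Dict[str, Any], action: str, resource_ok: Callable[[str], bool]) -> bool:
    """True if stmt is an Allow for the log delivery service covering action on a matching resource."""
    principal = stmt.get("Principal")
    services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
    return (stmt.get("Effect") == "Allow"
            and LOG_DELIVERY_SERVICE in services
            and action in _as_list(stmt.get("Action"))
            and any(resource_ok(str(r)) for r in _as_list(stmt.get("Resource"))))


def missing_flow_log_grants(policy: Dict[str, Any], bucket: str, account_id: str) -> List[str]:
    """Return what a bucket policy lacks for flow log delivery; an empty list means it is sufficient."""
    stmts = _as_list(policy.get("Statement"))
    bucket_arn = f"arn:aws:s3:::{bucket}"
    problems = []
    writers = [s for s in stmts
               if _grants(s, "s3:PutObject", lambda r: r.startswith(bucket_arn + "/"))]
    if not writers:
        problems.append("no s3:PutObject grant to delivery.logs.amazonaws.com")
    elif not any(account_id in _as_list(
            s.get("Condition", {}).get("StringEquals", {}).get("aws:SourceAccount"))
            for s in writers):
        problems.append("s3:PutObject grant is not restricted with aws:SourceAccount")
    if not any(_grants(s, "s3:GetBucketAcl", lambda r: r == bucket_arn) for s in stmts):
        problems.append("no s3:GetBucketAcl grant to delivery.logs.amazonaws.com")
    return problems


if __name__ == "__main__":
    policy = flow_log_bucket_policy("my-flow-logs", "123456789012", "us-east-1", prefix="vpc")
    print(json.dumps(policy, indent=2))
    print("missing:", missing_flow_log_grants(policy, "my-flow-logs", "123456789012"))
```

To attach the generated policy, write `json.dumps(policy)` to a file and run `aws s3api put-bucket-policy --bucket my-flow-logs --policy file://policy.json`. To audit what is already there, `aws s3api get-bucket-policy --bucket my-flow-logs --query Policy --output text` prints the policy document, which you can `json.loads` and pass to `missing_flow_log_grants`. A policy that grants `s3:PutObject` without the `aws:SourceAccount` condition still works, which is exactly why the checker reports it: nothing will fail, but any AWS account can then deliver logs into your bucket.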
#aws-security #cloudwatch #security #aws