
Rule: VPC flow logs should be enabled

This rule ensures VPC flow logs are enabled to strengthen security monitoring within your VPC.

Rule: VPC flow logs should be enabled
Framework: CISA-cyber-essentials
Severity: High

Rule Description:

To satisfy CISA-cyber-essentials, VPC flow logs should be enabled so that network traffic can be monitored and the security posture of the infrastructure strengthened. VPC flow logs capture information about the IP traffic going to and from network interfaces in the VPC.

Rule Policy:

  • All VPCs within the organization should have flow logs enabled.
  • The flow logs should be configured to capture all accepted and rejected traffic.
  • The flow logs should be delivered to an S3 bucket for storage and analysis.
  • The log group for storing the flow logs should have the appropriate access control policies in place.

Troubleshooting Steps:

  1. Check whether VPC flow logs are currently enabled for the specified VPC. In the AWS Management Console, open the VPC dashboard, select the VPC in question, and open the "Flow Logs" tab.
  2. Verify that the flow logs capture all accepted and rejected traffic. Review the flow log configuration and adjust it if needed.
  3. Ensure that an S3 bucket is set up to receive the flow logs. Confirm that the S3 bucket named in the flow log configuration exists and has the correct permissions.
  4. Verify that the log group for storing the flow logs has appropriate access control policies configured. Check the IAM roles and policies associated with the log group.
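The first three troubleshooting steps can be automated. The following is an added example (not Cloud Defense's own check and not part of the original page) that evaluates the output of `aws ec2 describe-vpcs` and `aws ec2 describe-flow-logs` (or the equivalent boto3 calls) against the rule policy: every VPC must have an active flow log with TrafficType ALL delivered to S3. The VPC ids, flow log ids and bucket name in the sample data are constructed.

```python
"""Evaluate VPC flow-log coverage against this rule's policy.

Added example, not Cloud Defense's own check. It consumes the same JSON
shapes that `aws ec2 describe-vpcs` and `aws ec2 describe-flow-logs`
(or boto3's ec2.describe_vpcs / ec2.describe_flow_logs) return, so it can
be pointed at real output; the data below is constructed for the demo.
"""

# Constructed sample: three VPCs in one account.
SAMPLE_VPCS = [
    {"VpcId": "vpc-0a1b2c3d4e5f60001"},
    {"VpcId": "vpc-0a1b2c3d4e5f60002"},
    {"VpcId": "vpc-0a1b2c3d4e5f60003"},  # has no flow log at all
]

# Constructed sample of describe-flow-logs "FlowLogs" entries.
SAMPLE_FLOW_LOGS = [
    {   # compliant: all traffic, active, delivered to S3
        "FlowLogId": "fl-0000000000000001",
        "ResourceId": "vpc-0a1b2c3d4e5f60001",
        "TrafficType": "ALL",
        "LogDestinationType": "s3",
        "LogDestination": "arn:aws:s3:::example-flow-logs-bucket",
        "FlowLogStatus": "ACTIVE",
    },
    {   # non-compliant: rejected traffic only, CloudWatch Logs destination
        "FlowLogId": "fl-0000000000000002",
        "ResourceId": "vpc-0a1b2c3d4e5f60002",
        "TrafficType": "REJECT",
        "LogDestinationType": "cloud-watch-logs",
        "LogGroupName": "vpc-flow-logs",
        "FlowLogStatus": "ACTIVE",
    },
]


def flow_log_findings(fl):
    """Return the ways one flow-log record deviates from the rule policy."""
    findings = []
    if fl.get("FlowLogStatus") != "ACTIVE":
        findings.append(f"status is {fl.get('FlowLogStatus')!r}, expected 'ACTIVE'")
    if fl.get("TrafficType") != "ALL":  # ALL = accepted and rejected traffic
        findings.append(f"TrafficType is {fl.get('TrafficType')!r}, expected 'ALL'")
    if fl.get("LogDestinationType") != "s3":
        findings.append(f"destination is {fl.get('LogDestinationType')!r}, expected 's3'")
    return findings


def evaluate_vpc(vpc_id, flow_logs):
    """Findings for one VPC; an empty list means it satisfies the rule.

    A VPC may carry several flow logs; one fully compliant log is enough.
    """
    own = [fl for fl in flow_logs if fl.get("ResourceId") == vpc_id]
    if not own:
        return ["no flow log configured"]
    per_log = {fl["FlowLogId"]: flow_log_findings(fl) for fl in own}
    if any(not f for f in per_log.values()):
        return []
    return [f"{fid}: {msg}" for fid, msgs in per_log.items() for msg in msgs]


def evaluate_account(vpcs, flow_logs):
    """Map every VPC id in the account to its findings."""
    return {v["VpcId"]: evaluate_vpc(v["VpcId"], flow_logs) for v in vpcs}


def noncompliant_vpcs(vpcs, flow_logs):
    """Sorted ids of the VPCs that fail the rule (the remediation targets)."""
    return sorted(vid for vid, f in evaluate_account(vpcs, flow_logs).items() if f)


if __name__ == "__main__":
    for vpc_id, findings in evaluate_account(SAMPLE_VPCS, SAMPLE_FLOW_LOGS).items():
        print(vpc_id, "PASS" if not findings else "FAIL")
        for f in findings:
            print("   -", f)
```

Run against real output by loading the "Vpcs" and "FlowLogs" arrays from the two CLI commands; the ids returned by `noncompliant_vpcs` are the VPCs that need the remediation steps below.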

Necessary Codes (if any):

No specific code is required to enable VPC flow logs; this can be done through the AWS Management Console or with AWS CLI commands.

Step-by-Step Guide for Remediation:

  1. Open the AWS Management Console and navigate to the VPC dashboard.
  2. Select the VPC that needs flow logs enabled.
  3. Click on the "Flow Logs" tab.
  4. Click on the "Create Flow Log" button.
  5. In the flow log creation wizard, provide the necessary details such as log format, IAM role, and destination of the logs.
  6. Choose the appropriate options to capture all accepted and rejected traffic.
  7. Specify an existing S3 bucket or create a new one to store the flow logs.
  8. Review the configuration and click on the "Create" button to enable flow logs for the selected VPC.
  9. Use the appropriate IAM roles and policies to control access to the log group and the flow logs stored in S3.

Note: Ensure that the IAM role used for creating flow logs has the necessary permissions to write logs to the specified S3 bucket and create/update log groups.
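Step 7 and the note above both hinge on the destination bucket accepting writes from the flow-log delivery service. The following is an added example (not part of the original page or Cloud Defense's tooling) that builds the bucket policy AWS documents for publishing flow logs to S3 and checks an existing bucket policy for the two grants delivery needs. The bucket name, account id and region are constructed values.

```python
"""Build and check the S3 bucket policy that VPC flow-log delivery requires.

Added example; not part of the original page or Cloud Defense's tooling.
The statements follow AWS's documented bucket policy for publishing flow
logs to S3: the log-delivery service principal needs s3:PutObject on the
AWSLogs/<account-id>/ prefix (with the bucket-owner-full-control ACL) and
s3:GetBucketAcl on the bucket itself. Bucket, account and region below are
constructed values.
"""
import json
import re

DELIVERY_PRINCIPAL = "delivery.logs.amazonaws.com"


def flow_log_bucket_policy(bucket, account_id, region):
    """Least-privilege bucket policy for flow-log delivery into `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    source_arn = f"arn:aws:logs:{region}:{account_id}:*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSLogDeliveryWrite",
                "Effect": "Allow",
                "Principal": {"Service": DELIVERY_PRINCIPAL},
                "Action": "s3:PutObject",
                "Resource": f"{bucket_arn}/AWSLogs/{account_id}/*",
                "Condition": {
                    "StringEquals": {
                        "s3:x-amz-acl": "bucket-owner-full-control",
                        "aws:SourceAccount": account_id,
                    },
                    "ArnLike": {"aws:SourceArn": source_arn},
                },
            },
            {
                "Sid": "AWSLogDeliveryAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": DELIVERY_PRINCIPAL},
                "Action": "s3:GetBucketAcl",
                "Resource": bucket_arn,
                "Condition": {
                    "StringEquals": {"aws:SourceAccount": account_id},
                    "ArnLike": {"aws:SourceArn": source_arn},
                },
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _arn_matches(pattern, arn):
    # IAM resource patterns use * as a wildcard; translate to a regex.
    return re.fullmatch(re.escape(pattern).replace(r"\*", ".*"), arn) is not None


def _statement_grants(stmt, action, arn):
    """True if an Allow statement lets the delivery service do `action` on `arn`."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal")
    services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    if principal != "*" and DELIVERY_PRINCIPAL not in services:
        return False
    if action not in _as_list(stmt.get("Action", [])):
        return False
    return any(_arn_matches(p, arn) for p in _as_list(stmt.get("Resource", [])))


def missing_delivery_grants(policy, bucket, account_id):
    """Actions the delivery service still lacks; empty list means delivery can work.

    Only Allow statements are inspected; an explicit Deny elsewhere in the
    policy would still block delivery and is out of scope for this check.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    bucket_arn = f"arn:aws:s3:::{bucket}"
    required = [
        # probe object key under the prefix flow logs are written to
        ("s3:PutObject", f"{bucket_arn}/AWSLogs/{account_id}/probe.log.gz"),
        ("s3:GetBucketAcl", bucket_arn),
    ]
    statements = _as_list(policy.get("Statement", []))
    return [action for action, arn in required
            if not any(_statement_grants(s, action, arn) for s in statements)]


# Constructed example of a bucket policy that grants only the ACL check.
ACL_ONLY_POLICY_JSON = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": DELIVERY_PRINCIPAL},
        "Action": "s3:GetBucketAcl",
        "Resource": "arn:aws:s3:::example-flow-logs-bucket",
    }],
})

if __name__ == "__main__":
    pol = flow_log_bucket_policy("example-flow-logs-bucket", "123456789012", "us-east-1")
    print(json.dumps(pol, indent=2))
    print("missing:", missing_delivery_grants(ACL_ONLY_POLICY_JSON,
                                              "example-flow-logs-bucket", "123456789012"))
```

Feed `missing_delivery_grants` the output of `aws s3api get-bucket-policy` for the destination bucket; a non-empty result explains why a flow log shows as created but never delivers files. The `aws:SourceAccount` and `aws:SourceArn` conditions in the generated policy keep other accounts' flow logs from being written into the bucket.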

Following these steps enables VPC flow logs as required by CISA-cyber-essentials, improving the monitoring capability and security of the infrastructure.
