by Arround The Web

How to Create Logging IP Traffic Using VPC Flow Logs?

The VPC (Virtual Private Cloud) is an AWS service used to create an isolated network in the cloud that keeps all the resources placed in it protected. VPC flow logs capture information about the IP traffic going to and from the network interfaces in the VPC. The user can enable these flow logs and analyse the captured records to make better business decisions based on knowledge of the traffic.

This guide will explain how to create logging IP traffic using a VPC flow log.

How to Create Logging IP Traffic?

Creating logging IP traffic using VPC flow logs requires an IAM role that publishes these logs to the CloudWatch Logs service. To create the IAM role, open the IAM dashboard from the AWS Management Console:

Click on the “Roles” button from the left navigation panel:

Click on the “Create role” button from the Roles page:

Select “AWS service” as the trusted entity type and use case for the role, then continue to the next page:

Click on the “Create policy” button from the Add Permissions page:

Select the “JSON” option and paste the following policy on the editor:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams"
      ],
      "Resource": "*"
    }
  ]
}

This policy allows the role to create CloudWatch log groups and log streams, write log events to them, and describe existing groups and streams; with "Resource": "*" it may do so for any log group in the account:

Type the name of the policy before completing its creation process:

Review the configurations before clicking on the “Create policy” button:

Once the policy is created, head back to the role creation page and select the policy:

Configure the role by typing its name and description:

After that, simply review the role configurations and click on the “Create role” button:

Head into the VPC dashboard from the AWS console:

Head into the VPC page from its dashboard:

Select the VPC and click on the “Flow logs” section:

Click on the “Create flow log” button from the Flow logs section:

Type a name for the flow log that is being created within the VPC:

Configure the settings of the flow log as displayed in the screenshot below:

Select the CloudWatch Logs destination log group in which the records will be stored, then choose the role created in the previous steps:

Click on the “Create flow log” button after reviewing the configurations to finish the flow log creation:

The flow log has been created successfully in the Virtual Private Cloud service:

That’s all about creating logging IP traffic using VPC Flow Logs.
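Once records start arriving in the CloudWatch log group, the next step is reading them back to get the traffic insight mentioned at the start of this guide. The following script is an added example, not part of the original post: it parses records in the default VPC flow log format (the format used when the console's record format is left unchanged) from constructed sample lines and summarises rejected connections per source address and destination port. The account id, ENI id and addresses in the sample are made up.

```python
from collections import Counter

# Field order of the default (version 2) VPC flow log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample records (made-up account id, ENI and addresses), not real traffic.
SAMPLE_RECORDS = """\
2 111122223333 eni-0a1b2c3d4e5f67890 10.0.1.15 10.0.2.7 49152 443 6 12 3456 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.2.7 51000 22 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.2.7 51001 3389 6 1 44 1700000005 1700000065 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.9 10.0.2.7 40000 22 6 1 44 1700000010 1700000070 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000020 1700000080 - NODATA
"""

def parse_record(line):
    """Parse one default-format record into a dict; None for NODATA/SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected field count in record: {line!r}")
    rec = dict(zip(FIELDS, parts))
    # NODATA (no traffic in the interval) and SKIPDATA (records dropped) carry "-" placeholders
    # instead of addresses and ports, so they must not be parsed as integers.
    if rec["log_status"] != "OK":
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec

def parse_records(text):
    """Parse all non-empty lines, dropping records that carry no traffic data."""
    parsed = (parse_record(line) for line in text.splitlines() if line.strip())
    return [rec for rec in parsed if rec is not None]

def rejects_by_source(records, min_count=2):
    """Source addresses with at least min_count REJECTed flows (security group / NACL denials)."""
    counts = Counter(rec["srcaddr"] for rec in records if rec["action"] == "REJECT")
    return {src: n for src, n in counts.items() if n >= min_count}

def rejected_ports(records):
    """Destination ports that saw rejected traffic, for reviewing the rules that denied it."""
    return sorted({rec["dstport"] for rec in records if rec["action"] == "REJECT"})

if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print(f"{len(recs)} records with traffic data")
    print("repeat rejected sources:", rejects_by_source(recs))
    print("rejected destination ports:", rejected_ports(recs))
```

Records exported from the log group (for example via a CloudWatch Logs Insights query or the console's export) can be fed to parse_records in place of the sample text; custom record formats have a different field order and need FIELDS adjusted to match.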

Conclusion

To create logging IP traffic using VPC flow logs, first create an IAM role with permissions to publish the flow logs to CloudWatch Logs. After that, visit the VPC dashboard from the AWS console and head to the “Your VPCs” page. Select the VPC and open its Flow logs section to configure the flow log with the destination log group and the IAM role.


Source: linuxhint.com
