Set up Flow Logs in AWS and Azure

This topic provides an overview of setting up flow logs for use by Illumio CloudSecure.

CloudSecure uses flow logs to display traffic flows. Granting access to flow logs allows CloudSecure to read them. For instructions on how to grant flow log access to Illumio, see the in-application help. For instructions on how to enable flow logs, see Grant Flow Log Access.

AWS

You can set up flow logs in AWS using the console, a CloudFormation template, or the command line.

Using the Console

To configure flow logs for a VPC in the AWS console:

  1. Go to the VPC console at https://console.aws.amazon.com/vpc/ and select the region to which the VPC belongs.
  2. Select the VPC for which flow logs are to be enabled.
  3. On the VPC details page, select the Flow logs tab and click the Create flow log button.
  4. Provide the following details on the flow log configuration page:
    • A name for the flow log configuration
    • The type of traffic to be captured. For the most insight, select All.
    • The maximum aggregation interval, which can be set to 10 minutes
  5. Select Send to an Amazon S3 bucket and paste the ARN of the S3 bucket. You can also create a new S3 bucket from this page.
  6. For the log record format, select any value. For more detail, select Custom format and select all attributes. Use the defaults for all other values.
  7. After entering the required information, click the Create flow log button.

Using the CloudFormation Template

To enable flow logs for a VPC using a CloudFormation template:

  1. Go to the VPC console page at https://console.aws.amazon.com/vpc/, select the VPC for which the flow logs are to be enabled, and copy the VPC ID.
  2. Go to the S3 console page at https://console.aws.amazon.com/s3/ and select the bucket in which the flow logs are to be stored. Under the Properties tab, copy the bucket name.
  3. Save the following CloudFormation template to a file named enabling-vpc-flowlogs.yaml.

AWSTemplateFormatVersion: "2010-09-09"
Description: "Enable Flow logs for a vpc"

Parameters:
  VpcId:
    Type: String
    Description: VPC Id for which flow logs are to be enabled
  BucketName:
    Type: String
    Description: Name of the bucket in which flow logs are to be stored.

Resources:
  FlowLog:
    Type: AWS::EC2::FlowLog
    Properties:
      ResourceId: !Ref VpcId
      ResourceType: "VPC"
      TrafficType: "ALL"
      # Flow logs are delivered to the S3 bucket named in the BucketName parameter
      LogDestination: !Join
        - ""
        - ["arn:aws:s3:::", !Ref BucketName]
      LogDestinationType: "s3"
      LogFormat: "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}"
      # 600 seconds = the 10-minute aggregation interval used in the console steps
      MaxAggregationInterval: 600
      Tags:
        - Key: "Name"
          Value: "FlowLogsForIllumioCloudSecure"
        - Key: "Purpose"
          Value: "Alltrafficvizualizationmap"

Outputs:
  FlowLogArn:
    Description: The ARN of the created flow log
    Value: !Ref FlowLog

For more information, see the vendor documentation:

https://docs.aws.amazon.com/vpc/latest/userguide/working-with-flow-logs.html
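The LogFormat in the template fixes the order of the fields in every delivered record. The following is an added example (not Illumio's or AWS's code) that derives the field list from that exact LogFormat string, parses records in it, and summarizes accepted and rejected bytes. The sample records are constructed for illustration; the account ID, interface ID and addresses are placeholders. It also handles NODATA and SKIPDATA records, which carry "-" in the traffic fields and should not be mistaken for zero-byte flows.

```python
"""Parse VPC Flow Log records in the custom LogFormat used by the template above.

Added example, not Illumio or AWS code. Sample records are constructed.
"""
from collections import Counter

# Exactly the LogFormat string from the CloudFormation template. Each record
# is space-separated and its fields appear in the order of these placeholders.
LOG_FORMAT = (
    "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} "
    "${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} "
    "${end} ${action} ${log-status}"
)

# Fields that are integers in a record; everything else stays a string.
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}


def format_fields(log_format: str) -> list:
    """Turn "${a} ${b}" into ["a", "b"]; reject any token that is not a placeholder."""
    fields = []
    for token in log_format.split():
        if not (token.startswith("${") and token.endswith("}")):
            raise ValueError(f"not a flow-log placeholder: {token!r}")
        fields.append(token[2:-1])
    return fields


def parse_record(line: str, fields: list) -> dict:
    """Parse one record into a dict keyed by field name.

    NODATA / SKIPDATA records carry '-' in the traffic fields; those become
    None so callers can distinguish "no data" from "zero bytes".
    """
    parts = line.split()
    if len(parts) != len(fields):
        raise ValueError(f"expected {len(fields)} fields, got {len(parts)}: {line!r}")
    rec = {}
    for name, value in zip(fields, parts):
        if value == "-":
            rec[name] = None
        elif name in INT_FIELDS:
            rec[name] = int(value)
        else:
            rec[name] = value
    return rec


def summarize(lines):
    """Return (bytes per action, rejected (src, dst, dstport) tuples, non-OK record count)."""
    fields = format_fields(LOG_FORMAT)
    bytes_by_action = Counter()
    rejected = []
    not_ok = 0
    for line in lines:
        rec = parse_record(line, fields)
        if rec["log-status"] != "OK":
            # NODATA / SKIPDATA: nothing was captured in this interval
            not_ok += 1
            continue
        bytes_by_action[rec["action"]] += rec["bytes"]
        if rec["action"] == "REJECT":
            rejected.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"]))
    return bytes_by_action, rejected, not_ok


# Constructed sample records (placeholder account and interface IDs, private addresses).
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.10 10.0.2.20 49152 443 6 12 3400 1700000000 1700000600 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.3.30 10.0.2.20 51000 22 6 3 180 1700000000 1700000600 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000000 1700000600 - NODATA",
]

if __name__ == "__main__":
    by_action, rejects, skipped = summarize(SAMPLE_LINES)
    print("bytes by action:", dict(by_action))
    print("rejected flows:", rejects)
    print("records without data:", skipped)
```

Because the field list is derived from the LogFormat string rather than hard-coded, the same parser keeps working if you change the template's format; the strict field-count check makes a mismatch between the deployed format and the parser fail loudly instead of silently shifting columns.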

Running the CloudFormation Template

  1. Go to the AWS CloudFormation service and create a new stack with new resources (standard) from the template file.

  2. Select Template is Ready and then Upload a template file. Upload the enabling-vpc-flowlogs.yaml file.

  3. On the next page, enter the desired stack name, followed by the bucket name and VPC ID you copied earlier.

  4. Click Next and leave the default values on the subsequent pages. On the final page, click Create stack.

After the stack creation is complete, go to the VPC console and verify that the flow log has been created.

NOTE:
The template must be run in the same region as the VPC. Choose the appropriate region in the top right before running the CloudFormation template.

Using the Command Line

See the vendor documentation:

https://docs.aws.amazon.com/cli/latest/reference/ec2/create-flow-logs.html

Azure

Using the Console

See the vendor documentation:

https://learn.microsoft.com/en-us/azure/network-watcher/nsg-flow-logs-tutorial