Set up Flow Logs in AWS and Azure
This topic provides an overview of setting up flow logs for use by Illumio CloudSecure.
CloudSecure uses flow logs to display traffic flows. Granting Illumio access to your flow logs allows CloudSecure to read them. For instructions on how to grant flow log access to Illumio, see the in-application help. For instructions on how to enable flow logs, see Grant Flow Log Access.
AWS
You can set up flow logs in AWS using the console, a CloudFormation template, or the command line.
Using the Console
To configure flow logs for a VPC in the AWS console:
- Go to the VPC console at https://console.aws.amazon.com/vpc/ and select the region to which the VPC belongs.
- Select the VPC for which flow logs are to be enabled.
- Under the VPC details page, select the Flow logs page and click the Create flow log button.
- Provide the following details on the flow log configuration page:
  - A name for the flow log configuration.
  - The type of traffic to be filtered. For more insight, select All.
  - The maximum aggregation interval, which can be set to 10 minutes.
  - Select Send to an Amazon S3 bucket and paste the ARN of the S3 bucket. The console also offers the option to create a new S3 bucket from this page.
  - For the log record format, any value works. For more detail, select Custom format and select all attributes. Use the defaults for all other values.
- After entering the required information, click the Create flow log button.
Using the CloudFormation Template
To enable flow logs for a VPC using the CloudFormation template:
- Go to the VPC console page at https://console.aws.amazon.com/vpc/, select the VPC for which the flow logs are to be enabled, and copy the VPC ID.
- Go to the S3 console page at https://console.aws.amazon.com/s3/ and select the bucket in which the flow logs are to be stored. Under the Properties tab, copy the name.
- Save the following CloudFormation template to a file named enabling-vpc-flowlogs.yaml:
AWSTemplateFormatVersion: "2010-09-09"
Description: "Enable Flow logs for a vpc"
Parameters:
  VpcId:
    Type: String
    Description: VPC Id for which flow logs are to be enabled
  BucketName:
    Type: String
    Description: Name of the bucket in which flow logs are to be stored.
Resources:
  FlowLog:
    Type: AWS::EC2::FlowLog
    Properties:
      ResourceId: !Ref VpcId
      ResourceType: "VPC"
      TrafficType: "ALL"
      LogDestination: !Join
        - ""
        - ["arn:aws:s3:::", !Ref BucketName]
      LogDestinationType: "s3"
      LogFormat: "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}"
      MaxAggregationInterval: 600
      Tags:
        - Key: "Name"
          Value: "FlowLogsForIllumioCloudSecure"
        - Key: "Purpose"
          Value: "Alltrafficvizualizationmap"
Outputs:
  FlowLogArn:
    Description: The ARN of the created flow log
    Value: !Ref FlowLog
For more information, see the vendor documentation:
https://docs.aws.amazon.com/vpc/latest/userguide/working-with-flow-logs.html
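To see what the records written under the LogFormat above look like once they land in the S3 bucket, here is a small parser. It is an added example, not part of the Illumio documentation or of the AWS template: it reads records in that exact field order, treats the "-" placeholders that NODATA and SKIPDATA records carry as missing values instead of failing on them, skips the header line that S3-delivered files begin with, and lists the rejected flows. The sample records are constructed, not captured traffic.

```python
# Parser for records in the custom LogFormat configured above (added example).
LOG_FORMAT = ("${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} "
              "${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} "
              "${end} ${action} ${log-status}")
# Fields AWS emits as integers; all other fields are kept as strings.
INT_FIELDS = {"version", "srcport", "dstport", "protocol",
              "packets", "bytes", "start", "end"}

def format_fields(fmt):
    """Turn "${a} ${b}" into ["a", "b"]."""
    return [token[2:-1] for token in fmt.split()]

def parse_record(line, fmt=LOG_FORMAT):
    """Parse one space-separated record into a dict keyed by field name.
    Fields AWS could not populate (NODATA / SKIPDATA records) arrive as '-'
    and are returned as None instead of breaking the int() conversion."""
    names = format_fields(fmt)
    values = line.split()
    if len(values) != len(names):
        raise ValueError(f"expected {len(names)} fields, got {len(values)}")
    record = {}
    for name, value in zip(names, values):
        if value == "-":
            record[name] = None
        elif name in INT_FIELDS:
            record[name] = int(value)
        else:
            record[name] = value
    return record

def rejected_flows(lines):
    """Return (srcaddr, dstaddr, dstport) for every REJECT record, skipping the
    header line that S3-delivered files carry and records whose log-status is not OK."""
    flows = []
    for line in lines:
        if not line.strip() or line.startswith("version"):
            continue
        record = parse_record(line)
        if record["log-status"] == "OK" and record["action"] == "REJECT":
            flows.append((record["srcaddr"], record["dstaddr"], record["dstport"]))
    return flows

# Constructed sample records (not captured traffic) in the template's format.
SAMPLE = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.40 49152 443 6 12 3400 1700000000 1700000600 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.25 51000 22 6 1 44 1700000000 1700000600 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000600 - NODATA
"""
```

Calling rejected_flows(SAMPLE.splitlines()) returns the single rejected flow; the NODATA record is ignored rather than raising.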
Running the CloudFormation Template
- Go to the AWS CloudFormation service and use the template file to create a new stack with new resources (standard).
- Select Template is Ready and then Upload a template file. Upload the enabling-vpc-flowlogs.yaml file.
- On the next page, enter the desired stack name, followed by the bucket name and the VPC ID you copied earlier.
- Click Next and leave the default values on the successive pages. On the final page, click Create stack.
After the stack creation is complete, go to the VPC console and verify that the flow log has been created.
The template must be run in the same region as the VPC. Choose the appropriate region in the top right before running the CloudFormation template.
Using the Command Line
See the vendor documentation:
https://docs.aws.amazon.com/cli/latest/reference/ec2/create-flow-logs.html
Azure
Using the Console
See the vendor documentation:
https://learn.microsoft.com/en-us/azure/network-watcher/nsg-flow-logs-tutorial