VPC Does Not Have Flow Log
Overview
Note: Although some compliance standards, such as CIS, require VPC flow logs in every VPC, this is not always recommended. FireMon suggests enabling VPC Flow Logs based on the risk assessment of the VPC, and only when the organization is capable of analyzing the logs (themselves or through a partner). VPC Flow Logs provide "netflow-like" information on all connections made in and out of a VPC. They do not include packet captures, but they do record traffic flows, including source and destination addresses. This valuable network information can be used to analyze network patterns, in particular for security issues such as connections to known-bad destinations. Unusual traffic patterns, or changes in patterns, may also indicate either a security or a performance problem.
Since the logs are stored within AWS, you can also build event-based triggers to support automated response.
VPC Flow Logs are saved in CloudWatch or S3 and are recommended for any VPC where you need to monitor network traffic, such as those holding resources within scope of most compliance regulations. Enabling these logs is also a requirement of the CIS Benchmarks. However, high-traffic VPCs can become costly due to the large volume of stored logs (especially in CloudTrail). Flow Logs can record all traffic, or only accepted or only rejected connections. They can be attached to an entire VPC, to a subnet, or to a single network interface.
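The check this control performs can be reproduced outside FireMon. The following is an added example, not FireMon's or AWS's own code: it assumes the record shapes returned by boto3's describe_vpcs and describe_flow_logs, and the sample VPCs and flow logs below are constructed so it runs offline. It treats a VPC as failing only when no active flow log is attached to the VPC itself (subnet- or interface-level logs do not cover the whole VPC), and separately reports which traffic types the VPC-level logs record.

```python
from collections import defaultdict

# Constructed sample data in the shape boto3's describe_vpcs / describe_flow_logs return.
SAMPLE_VPCS = [{"VpcId": "vpc-0a1"}, {"VpcId": "vpc-0b2"}, {"VpcId": "vpc-0c3"}]
SAMPLE_FLOW_LOGS = [
    # Whole VPC, all traffic, to CloudWatch: full coverage.
    {"FlowLogId": "fl-1", "ResourceId": "vpc-0a1", "FlowLogStatus": "ACTIVE",
     "TrafficType": "ALL", "LogDestinationType": "cloud-watch-logs"},
    # Attached to one subnet only: does not cover vpc-0b2 as a whole.
    {"FlowLogId": "fl-2", "ResourceId": "subnet-0b2a", "FlowLogStatus": "ACTIVE",
     "TrafficType": "ALL", "LogDestinationType": "s3"},
    # Whole VPC but only rejected connections, to S3: passes, but records less.
    {"FlowLogId": "fl-3", "ResourceId": "vpc-0c3", "FlowLogStatus": "ACTIVE",
     "TrafficType": "REJECT", "LogDestinationType": "s3"},
]


def vpc_flow_log_coverage(vpcs, flow_logs):
    """Map each VpcId to the sorted TrafficTypes of ACTIVE flow logs attached
    to the VPC itself. Subnet- and ENI-level logs are ignored because they do
    not cover the whole VPC; an empty list means the control fails."""
    active = defaultdict(set)
    for fl in flow_logs:
        if fl.get("FlowLogStatus") == "ACTIVE":
            active[fl["ResourceId"]].add(fl.get("TrafficType", "UNKNOWN"))
    return {v["VpcId"]: sorted(active.get(v["VpcId"], ())) for v in vpcs}


def vpcs_without_flow_log(vpcs, flow_logs):
    """VpcIds with no active VPC-level flow log: the finding this control raises."""
    coverage = vpc_flow_log_coverage(vpcs, flow_logs)
    return sorted(vpc_id for vpc_id, types in coverage.items() if not types)


def audit_region(region_name=None):
    """Run the same check against a live account; needs boto3 and AWS credentials."""
    import boto3  # imported here so the offline sample above runs without it
    ec2 = boto3.client("ec2", region_name=region_name)
    vpcs = ec2.get_paginator("describe_vpcs").paginate().build_full_result()["Vpcs"]
    logs = ec2.get_paginator("describe_flow_logs").paginate().build_full_result()["FlowLogs"]
    return vpcs_without_flow_log(vpcs, logs)


if __name__ == "__main__":
    for vpc_id, types in vpc_flow_log_coverage(SAMPLE_VPCS, SAMPLE_FLOW_LOGS).items():
        print(vpc_id, "FAIL: no VPC-level flow log" if not types else f"ok: {types}")
```

A VPC whose only log records REJECT traffic still passes this control, which is why the coverage map is reported alongside the failures: whether REJECT-only logging is sufficient is the risk-assessment decision the note above describes.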
Vendor
AWS
Cloud Service
EC2
Related Controls
CIS AWS v1.5.0 3.9, EC2.6
Severity
1
Item Types
AWS::EC2::VPC