Integrating with AWS VPC Flow Logs

Before you begin

Before configuring AWS VPC Flow Logs, we recommend reviewing Getting started with AWS security monitoring.

VPC Flow Logs Configuration

1. Open VPC from the AWS console and select VPCs
   
2. Select the VPC you wish to ingest logs from, select Flow logs, then Create flow log 

   

3. Complete the VPC flow log configuration by entering the appropriate name, filter, destination, log group, and IAM role. Note: if an existing role hasn’t been configured, clicking Set up permissions will aid in creating this for you, as pictured in the following step.
   
4. If a service role for allowing VPC Flow Logs to put logs into a CloudWatch log group does not already exist, use the below as a guide for creating that IAM configuration by clicking Set up permissions as pictured in the previous image.
   
5. Repeat for each VPC you wish to ingest logs from (using the same IAM role).

Now that you’ve configured AWS VPC Flow Logs for Blumira, continue to the next step in configuring AWS for Blumira: configure AWS GuardDuty.