Setup VPC Flow Logs

VPC Flow Logs are an AWS feature that records the IP traffic going to and from the network interfaces in a VPC. Each record is metadata about a flow (source and destination address and port, protocol, packets, bytes, and whether the traffic was accepted or rejected), not packet contents, and records are delivered in batches rather than in real time. We recommend setting up VPC Flow Logs for the VPC in which Datacoral is installed so you can monitor the network traffic and retain it for auditing and incident investigation.

Locate the VPC in which Datacoral is installed

Use the following command to list all VPCs in your AWS account and locate the VpcId for the VPC in which Datacoral was installed:

aws ec2 describe-vpcs

If Datacoral created the VPC, it carries a Name tag of datacoral, so you can narrow the search with:

aws ec2 describe-vpcs --filters Name=tag:Name,Values=datacoral

The result will look like the following -- copy and save the VpcId:

{
    "Vpcs": [
        {
            "CidrBlock": "10.0.0.0/16",
            "State": "available",
            "VpcId": "vpc-0cb54bec0000000",
            ...
        }
    ]
}

Create VPC Flow Logs

Once you have the VpcId, create an S3 bucket (or re-use an existing one) for the VPC Flow Logs. Ideally this bucket lives in a separate AWS account (a log-archive account) so that a compromise of the Datacoral account cannot tamper with the audit trail, and its bucket policy denies object deletion (or S3 Object Lock is enabled). Note that the bucket policy must still allow the log delivery service principal (delivery.logs.amazonaws.com) to write objects and read the bucket ACL; AWS adds that policy for you when the bucket is in the same account as the VPC, but for a bucket in another account you must add it yourself. Now, run the following command:

aws ec2 create-flow-logs \
--resource-ids vpc-0cb54bec0000000 \
--resource-type VPC \
--traffic-type ALL \
--log-destination-type s3 \
--log-destination arn:aws:s3:::<s3-bucket-name>/<optional-s3-prefix>/

That's it! Flow log records will now be delivered to your S3 bucket under the prefix you specified. Confirm the flow log is ACTIVE with aws ec2 describe-flow-logs, and check for the first objects in the bucket after a few minutes; a missing or incorrect bucket policy shows up as a delivery failure rather than as an error from create-flow-logs. For additional options, such as a custom log format or a shorter aggregation interval, or for sending the logs to CloudWatch Logs instead of S3, see the AWS CLI create-flow-logs documentation.
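The steps above combined into one script, as an added example that is not part of the Datacoral documentation or the Datacoral tooling. It locates the datacoral-tagged VPC, validates the VpcId, builds the S3 destination ARN (rejecting the reserved AWSLogs prefix), generates the bucket policy a cross-account log bucket needs (write and ACL-check permissions for the delivery service, plus a deny on deletes, as recommended above), and only then creates the flow log. The bucket name, prefix, account ID and the /tmp/flowlog-policy.json path are assumptions for illustration; the helper functions are pure, and the AWS calls in main run only when RUN_AWS=1 is set.

```shell
#!/usr/bin/env sh
# Added example: VPC Flow Logs setup for the Datacoral VPC.
# Helper functions do no network I/O; main() calls the AWS CLI only when RUN_AWS=1.

# A VpcId is "vpc-" followed by lowercase hex (8 or 17 chars in real accounts;
# the range is kept loose so the placeholder ID from the docs is accepted too).
valid_vpc_id() {
  printf '%s' "$1" | grep -Eq '^vpc-[0-9a-f]{8,17}$'
}

# Build the --log-destination ARN from a bucket name and an optional prefix.
# Leading/trailing slashes on the prefix are normalised; a prefix starting with
# AWSLogs is rejected because the delivery service reserves that folder name.
flow_log_destination() {
  _bucket=$1
  _prefix=$(printf '%s' "${2:-}" | sed 's#^/*##; s#/*$##')
  case "$_prefix" in
    AWSLogs|AWSLogs/*)
      echo "prefix must not start with AWSLogs (reserved by the delivery service)" >&2
      return 1 ;;
  esac
  if [ -z "$_prefix" ]; then
    printf 'arn:aws:s3:::%s\n' "$_bucket"
  else
    printf 'arn:aws:s3:::%s/%s/\n' "$_bucket" "$_prefix"
  fi
}

# Bucket policy for a log bucket, typically in a separate log-archive account.
# $3 is the account that owns the VPC/flow log: delivery writes under
# <prefix>/AWSLogs/<that account>/ and the aws:SourceAccount condition pins it.
# The final Deny statement blocks deletes for everyone; S3 Object Lock in
# compliance mode is the stronger alternative if retention must be enforced.
flow_log_bucket_policy() {
  _bucket=$1
  _prefix=$(printf '%s' "${2:-}" | sed 's#^/*##; s#/*$##')
  _account=$3
  _path="${_prefix:+$_prefix/}AWSLogs/$_account/*"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSLogDeliveryWrite",
      "Effect": "Allow",
      "Principal": {"Service": "delivery.logs.amazonaws.com"},
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::$_bucket/$_path",
      "Condition": {"StringEquals": {
        "s3:x-amz-acl": "bucket-owner-full-control",
        "aws:SourceAccount": "$_account"}}
    },
    {
      "Sid": "AWSLogDeliveryAclCheck",
      "Effect": "Allow",
      "Principal": {"Service": "delivery.logs.amazonaws.com"},
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::$_bucket",
      "Condition": {"StringEquals": {"aws:SourceAccount": "$_account"}}
    },
    {
      "Sid": "DenyDeletes",
      "Effect": "Deny",
      "Principal": "*",
      "Action": ["s3:DeleteObject", "s3:DeleteObjectVersion"],
      "Resource": "arn:aws:s3:::$_bucket/*"
    }
  ]
}
EOF
}

# usage: RUN_AWS=1 ./setup-flow-logs.sh <bucket> [prefix] [vpc-account-id]
main() {
  _bucket=${1:?usage: $0 <bucket> [prefix] [vpc-account-id]}
  _prefix=${2:-}
  _account=${3:-$(aws sts get-caller-identity --query Account --output text)}
  _vpc=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=datacoral \
           --query 'Vpcs[0].VpcId' --output text)
  valid_vpc_id "$_vpc" || { echo "no datacoral-tagged VPC found (got: $_vpc)" >&2; exit 1; }
  _dest=$(flow_log_destination "$_bucket" "$_prefix") || exit 1
  # Only needed when the bucket is in another account; same-account buckets get the
  # delivery policy attached automatically. Review before applying in that account:
  flow_log_bucket_policy "$_bucket" "$_prefix" "$_account" > /tmp/flowlog-policy.json
  echo "Apply in the bucket's account: aws s3api put-bucket-policy --bucket $_bucket --policy file:///tmp/flowlog-policy.json"
  aws ec2 create-flow-logs --resource-ids "$_vpc" --resource-type VPC --traffic-type ALL \
    --log-destination-type s3 --log-destination "$_dest" --max-aggregation-interval 60
  # Verify the flow log exists and is ACTIVE.
  aws ec2 describe-flow-logs --filter Name=resource-id,Values="$_vpc"
}

if [ "${RUN_AWS:-0}" = 1 ]; then
  main "$@"
fi
```

Run it once with RUN_AWS unset to generate and inspect /tmp/flowlog-policy.json, apply that policy in the log-archive account, then run with RUN_AWS=1. The 60-second aggregation interval is optional; the default is 600 seconds, which is fine for auditing but slows down investigations.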