Creating AWS VPC Flow Logs and Generating Traffic: A Step-by-Step Guide

In this guide, we will walk you through the process of creating AWS VPC Flow Logs and generating traffic in an Amazon Web Services (AWS) environment. VPC Flow Logs provide network visibility by capturing information about the IP traffic going to and from network interfaces within a Virtual Private Cloud (VPC). By the end of this tutorial, you will have a better understanding of how to set up VPC Flow Logs and generate network traffic within an AWS VPC.

Prerequisites:

  • An AWS account with appropriate permissions.
  • AWS CLI (Command Line Interface) installed and configured on your local machine.

Step 1: Sign in to AWS Management Console

  1. Click on the “Open Console” button to access the AWS Management Console.
  2. Leave the Account ID as default; never edit or remove the 12-digit Account ID.
  3. Copy your Username and Password from the Lab Console to the IAM Username and Password in the AWS Console.
  4. Sign in to the AWS Management Console.

To set the default AWS region using AWS CLI:

    aws configure set region us-east-1

Step 2: Create CloudWatch Logs

  1. Navigate to the Services menu at the top and choose CloudWatch under Management and Governance.
  2. Click on “Log groups” on the left side panel, then click on the “Create log group” button and name the log group “kampsvpclogs” (the later steps refer to it by that name).
    AWS CLI equivalent:
    aws logs create-log-group --log-group-name kampsvpclogs

Step 3: Create a VPC

  1. Navigate to the Services menu at the top and select “VPC” under Networking and Content Delivery.
  2. Click on “Your VPCs” on the left side panel, then click on “Create VPC” and select “VPC only.”
    VPC settings:
    • Name tag: Enter “MyVPC”
    • IPv4 CIDR block: Enter “10.1.0.0/16”
  3. Leave the other fields as default and click on “Create VPC.”
    AWS CLI equivalent:
    aws ec2 create-vpc --cidr-block 10.1.0.0/16 --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=MyVPC}]'

Step 4: Creating an Internet Gateway

  1. Select “Internet Gateways” on the left side panel and click on “Create internet gateway.”
  2. Enter the name as “MyInternetGateway.” Leave everything else as default and click on “Create internet gateway.”
  3. Once created, attach it to “MyVPC” by clicking on “Actions” at the top and selecting “Attach to VPC.”
  4. Under Available VPCs, select “MyVPC” and then click on “Attach internet gateway” button.
  5. Click on the “Route Tables” on the left side panel and then select the main route table for your VPC, i.e., “MyVPC.”
  6. Click on the “Routes” tab, then click on “Edit routes” and “Add route”:
    • Destination: Enter “0.0.0.0/0”
    • Target: Select “Internet Gateway” and choose “MyInternetGateway” from the drop-down list.
    Click on the “Save changes” button.
    AWS CLI equivalent for creating an internet gateway and attaching it (use the gateway ID returned by the first command and the VPC ID from Step 3):
    aws ec2 create-internet-gateway --tag-specifications 'ResourceType=internet-gateway,Tags=[{Key=Name,Value=MyInternetGateway}]'
    aws ec2 attach-internet-gateway --internet-gateway-id <internet-gateway-id> --vpc-id <vpc-id>

Step 5: Create a Subnet

  1. Click on “Subnets” on the left side panel and click on “Create subnet.”
    VPC:
    • VPC ID: Select “MyVPC”
    Subnet settings:
    • Subnet name: Enter “kampssub”
    • Availability Zone: Select “US East (N. Virginia)/us-east-1a”
    • IPv4 CIDR block: Enter “10.1.1.0/24”
    Click on the “Create subnet” button.
    AWS CLI equivalent:
    aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.1.1.0/24 --availability-zone us-east-1a --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=kampssub}]'

Step 6: Create VPC Flow Logs

  1. Click on “Your VPCs” on the left side panel, select “MyVPC,” click on “Actions,” then select “Create flow log.”
    Create flow log:
    • Name: Enter “MyVPCFlowLog”
    • Filter: Select “Accept”
    • Maximum aggregation interval: Select “1 minute”
    • Destination: Select “Send to CloudWatch Logs”
    • Destination log group: Select “kampsvpclogs”
    • IAM role: Select “VPCFlowLog_Role_<RANDOM_NUMBER>”. This role has already been created for you.
    Leave the other options as default, then click on “Create flow log.”
    AWS CLI equivalent (--max-aggregation-interval 60 matches the 1-minute interval selected above; without it the default is 600 seconds):
    aws ec2 create-flow-logs --resource-type VPC --resource-ids <vpc-id> --traffic-type ACCEPT --max-aggregation-interval 60 --log-destination-type cloud-watch-logs --log-group-name kampsvpclogs --deliver-logs-permission-arn <iam-role-arn>
  2. Once the flow log is created, go to the “Your VPCs” dashboard, select “MyVPC,” and click on the “Flow logs” tab.
    AWS CLI equivalent for listing VPC Flow Logs:
    aws ec2 describe-flow-logs --filter "Name=resource-id,Values=<vpc-id>"

Now, you have successfully created the VPC Flow Logs.

Step 7: Creating an EC2 Instance

  1. Navigate to Services at the top and click on EC2 under Compute.
  2. Make sure you are in the “US-East (N.Virginia) us-east-1” region.
  3. Select “Instances” on the left side panel and click on “Launch instances.”
    • Name: Enter “kampsec2instance”
    • Amazon Machine Image (AMI): Select “Amazon Linux 2023 AMI” from the drop-down
    • Instance type: Select “t2.micro”
    • Key pair: Click the “Create new key pair” button
    • Key pair name: “KampsKey”
    • Key pair type: “RSA”
    • Private key file format: .pem
    Click the “Create key pair” button.
    In Network settings, click the “Edit” button:
    • VPC: Select “MyVPC”
    • Subnet: The subnet we created (“kampssub”) is selected automatically
    • Auto-assign public IP: Enable
    Select “Create new security group”:
    • Security group name: Enter “MyEC2Server_SG”
    • Description: Enter “Security Group to allow traffic to EC2”
    Check “Allow SSH from” and select “Anywhere” from the drop-down. To add HTTP, add a rule with:
    • Type: HTTP
    • Source: Select Anywhere
    Under Advanced details, scroll to IAM instance profile and select “VPCFlowLog_Role_<RANDOM_NUMBER>.” Click on “Launch instances.”
    AWS CLI equivalent for launching an EC2 instance (the security group must already exist in MyVPC; in a non-default VPC it is passed by ID with --security-group-ids, because --security-groups by name cannot be combined with --subnet-id):
    aws ec2 run-instances --image-id <ami-id> --instance-type t2.micro --key-name KampsKey --security-group-ids <security-group-id> --subnet-id <subnet-id> --associate-public-ip-address --iam-instance-profile Name=VPCFlowLog_Role_<RANDOM_NUMBER>
  4. After 1–5 minutes, the instance state will change to running.
    AWS CLI equivalent for checking the EC2 instance status:
    aws ec2 describe-instances --instance-ids <instance-id> --query "Reservations[].Instances[].State.Name" --output text

Step 8: Generating Traffic

  1. In this task, we are going to generate traffic to the EC2 instance by installing an Apache server.
  2. SSH into the instance to generate traffic. To do so, follow the steps in “SSH into EC2 Instance.” The command below connects using the KampsKey private key downloaded in Step 7 and the instance’s public IP:
    ssh -i <path-to-private-key> ec2-user@<public-ip>
    Once you have an SSH session on the instance, install an Apache server by running the following commands one by one.
    Switch to the superuser (root):
    sudo su
    Update the packages and software on the EC2 instance:
    yum -y update
    Install the Apache HTTP Server, commonly known as Apache. Apache is a widely used web server that hosts websites and serves web content:
    yum install httpd -y
    Change the current directory to the default location from which Apache serves web content:
    cd /var/www/html
    Create a simple HTML file named “index.html” with the content “Response coming from server”:
    echo "Response coming from server" > /var/www/html/index.html
    Start the Apache web server service. Once the service is started, Apache is ready to serve web content:
    systemctl start httpd
    Configure Apache to start automatically when the EC2 instance boots:
    systemctl enable httpd
    Check the status of the Apache web server service:
    systemctl status httpd
    Copy your instance’s public IP, open http://<public-ip>/index.html in your browser and press Enter. Each request produces an accepted inbound flow on port 80 that will appear in the flow log.

Step 9: Viewing log events in CloudWatch Log groups

  1. Navigate to the Services menu at the top and choose CloudWatch under Management and Governance.
  2. Click on “Log Groups” on the left side panel and click on “kampsvpclogs.”
  3. Go to the Log streams section and click on the log stream that has been created (in my case, eni-0cce25a260b5d0fbe-accept). You will be able to view all the log events, i.e., the traffic that is being directed to our EC2 instance.
    AWS CLI equivalent for listing log streams:
    aws logs describe-log-streams --log-group-name kampsvpclogs

Do You Know? VPC Flow Logs can be used not only for monitoring and troubleshooting purposes but also for security analysis and threat detection. By analyzing the flow log data, you can gain insights into network patterns, detect anomalies, and identify potential security threats or unauthorized access attempts. This can help enhance the security of your VPC infrastructure and protect your resources from malicious activities.
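As an added example (not part of the original guide), the following Python script parses default-format VPC Flow Log records like those delivered to the kampsvpclogs stream and summarises accepted inbound traffic to the instance. The sample records are constructed; the account ID, the instance private IP 10.1.1.10 and the trusted SSH range are assumptions, while the ENI ID is the one shown in Step 9.

```python
"""Parse default-format (version 2) VPC Flow Log records and summarise
accepted inbound traffic to one instance. Added example; the sample
records below are constructed, not captured from AWS."""
from collections import Counter
from ipaddress import ip_address, ip_network

# Field order of the default flow-log record format, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample events, shaped like the eni-...-accept stream from Step 9.
# 10.1.1.10 is an assumed private IP for the instance in subnet kampssub.
SAMPLE_EVENTS = """\
2 123456789012 eni-0cce25a260b5d0fbe 203.0.113.7 10.1.1.10 51234 80 6 5 420 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0cce25a260b5d0fbe 203.0.113.7 10.1.1.10 51235 80 6 3 240 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0cce25a260b5d0fbe 198.51.100.23 10.1.1.10 40000 22 6 12 2100 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0cce25a260b5d0fbe 10.1.1.10 203.0.113.7 80 51234 6 4 3000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0cce25a260b5d0fbe 192.0.2.9 10.1.1.10 33333 22 6 8 900 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0cce25a260b5d0fbe - - - - - - - 1700000000 1700000059 - NODATA"""


def parse_record(line):
    """Return one record as a dict, or None for NODATA/SKIPDATA or malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[-1] != "OK":
        return None
    rec = dict(zip(FIELDS, parts))
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec


def inbound_summary(lines, instance_ip, trusted_ssh=("198.51.100.0/24",)):
    """Count accepted inbound flows per destination port and list SSH sources
    outside the trusted ranges (what an 'Anywhere' SSH rule lets through)."""
    trusted = [ip_network(n) for n in trusted_ssh]
    per_port = Counter()
    untrusted_ssh = []
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["dstaddr"] != instance_ip or rec["action"] != "ACCEPT":
            continue  # skip outbound flows, rejected flows and metadata-only records
        per_port[rec["dstport"]] += 1
        if rec["dstport"] == 22 and rec["protocol"] == 6:  # TCP/22 = SSH
            if not any(ip_address(rec["srcaddr"]) in net for net in trusted):
                untrusted_ssh.append(rec["srcaddr"])
    return per_port, untrusted_ssh


if __name__ == "__main__":
    ports, flagged = inbound_summary(SAMPLE_EVENTS.splitlines(), "10.1.1.10")
    print(dict(ports), flagged)  # {80: 2, 22: 2} ['192.0.2.9']
```

The same functions work on real events fetched from the log group, for example the `message` fields returned by `aws logs get-log-events --log-group-name kampsvpclogs --log-stream-name <stream-name>`.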

Conclusion

Congratulations! You’ve successfully created CloudWatch Logs, set up VPC Flow Logs, created a VPC, an EC2 instance, and generated network traffic within your AWS environment. These skills are valuable for monitoring and securing your AWS resources.

Remember to terminate your AWS resources to avoid ongoing charges when you no longer need them.

By following these steps, you’ve gained practical experience in configuring network monitoring and generating traffic within AWS, which is essential for cloud architects and DevOps engineers working with AWS.

Thank you for using this comprehensive guide to learn about VPC Flow Logs and network traffic generation in AWS.
