AWS VPC Flow Logs

VPC Flow Logs are used to monitor the network traffic in our infrastructure, so they are a security tool. We can store the flow logs or publish them

so they can be used to build visualization dashboards. Below is a simple screenshot taken from the AWS documentation.

Flow logs for an instance

There are three levels at which flow logs can be created:

1) VPC level logs

2) Subnet level logs

3) Instance level logs

Below are simple steps that show how VPC Flow Logs work.

Step 1 : Create an EC2 instance

Step 2 : Install Nginx

Create a simple shell script and run it:

#!/bin/bash
# Refresh the package index and install nginx non-interactively
sudo apt update
sudo apt install nginx -y
# Restart the service and show its status (--no-pager keeps the output in the terminal)
sudo systemctl restart nginx
sudo systemctl status nginx --no-pager

Run it as “sudo sh nginx.sh”. You should get the result shown below.

You can also check by browsing to the public IP address of the instance.

Step 3 : Create an S3 bucket, leaving the settings at their defaults

Step 4 : Create a Flow Log

Go to VPC → select the VPC in which the EC2 instance was created → Flow logs

Leave the other settings at their defaults and create the flow log.

Step 5 : Now let's check S3 for any logs. Most likely we won't see any logs yet, as no traffic is being sent. So let's generate some traffic to our box.

SSH into your box and run the script below:

# Request the nginx default page once per second until the loop is interrupted
while true
do
  curl ec2-44-199-230-1.compute-1.amazonaws.com | grep -i nginx
  sleep 1
done

This sends repeated HTTP requests to the nginx server, which is how traffic reaches the box. Once this is done, break the loop using Ctrl+X and check the S3 bucket again; you will now see some log files.

Download and extract the file to see the logs.

This is how, using these logs, the network team can identify and block an IP address that is sending unnecessary traffic into our infrastructure.
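To show what the network team would actually do with the downloaded file, here is a small parser for records in the default VPC Flow Log format (version 2), added here as an example and not part of the original post. It aggregates packets, bytes and REJECT counts per source address over a few constructed log lines; the thresholds in noisy_sources are illustrative assumptions, not AWS values.

```python
"""Summarise VPC Flow Log records (default format, version 2) per source
address so heavy or repeatedly rejected senders can be reviewed."""
from collections import defaultdict

# Field order of the default VPC Flow Log format (version 2).
FIELDS = ("version", "account-id", "interface-id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log-status")

# Constructed sample records, shaped like the lines found in the S3 export.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 51234 80 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 51235 80 6 25 5000 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40001 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40002 22 6 3 180 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_record(line):
    """Split one space-separated record into a dict; return None for
    malformed lines and for NODATA/SKIPDATA records, which carry no
    address or byte fields (they are '-' placeholders)."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log-status"] == "OK" else None

def summarise(log_text):
    """Aggregate packets, bytes and REJECT count per source address."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0, "rejects": 0})
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        src = totals[rec["srcaddr"]]
        src["packets"] += int(rec["packets"])
        src["bytes"] += int(rec["bytes"])
        if rec["action"] == "REJECT":
            src["rejects"] += 1
    return dict(totals)

def noisy_sources(log_text, byte_threshold=8000, reject_threshold=2):
    """Source addresses worth a closer look: heavy senders or sources that
    were rejected repeatedly (thresholds are illustrative assumptions)."""
    return sorted(src for src, t in summarise(log_text).items()
                  if t["bytes"] >= byte_threshold or t["rejects"] >= reject_threshold)
```

Point the same functions at the extracted file from the bucket (read it and pass the text to noisy_sources) to get the candidate list for review.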