AWS VPC and GigaFlow
Create Log Groups
From the AWS management console, select CloudWatch; you will see:
On the left-hand side, click Logs.
Click Create Log Group.
When asked for a name, enter "VPCFlowLogs" and click Create Log Group.
Enable VPC Logging
From the AWS management console, select VPC; you will see:
From the VPC Dashboard, click on Your VPCs in the left-hand menu.
Click to select the VPC of interest:
Now select the Flow Logs tab at the bottom of the screen:
If there are no flow logs in the list, click Create flow log.
You will see something similar to:
Change the Filter option to All.
For destination, ensure that Send to CloudWatch logs is selected.
For Destination log Group, click to select the VPCFlowLogs option:
- If you don’t already have a role that you want to use, click on Set Up Permissions.
- Select Create a new IAM Role for IAM Role options.
- Enter the Role Name, e.g. "FlowLogsToCloudWatch".
- Click Allow at bottom of screen.
- Return to the Create Flow Log page to continue.
You should now see:
Return to the CloudWatch Dashboard and select the Logs menu option from the left-hand menu. You will see a page similar to:
Click on the flow log name, "VPCFlowLogs". This will open the log destination and show which streams have been created.
You will see something similar to the following screenshot, with an entry for each interface.
Click on any one of the log streams; you will see something similar to:
Create an AWS Lambda Function
From the AWS management console, select Lambda; you will see:
From the left-hand menu, select Functions.
On this page, click on the Create Function button in the right-hand frame; this takes you to:
On this page, ensure that the Author from scratch card is selected.
Type in the name of the Lambda function, i.e. "VPCToNetflow".
Runtime should be Node.js 8.10.
The Role is Create a custom role. This will take you to a setup role page, similar to the VPC log access set-up page. Select Create a new IAM role. Enter the Role Name, i.e. “LambdaVPCLogAccess”. Click Allow. This will return you to the Lambda page with the new role selected.
Click the Create Function button.
You will see:
From the left-hand list under Add triggers, select CloudWatch Logs; this will look like:
Scroll down to configure Triggers for CloudWatch.
On this page, select the Log Group you created previously, i.e. "VPCFlowLogs".
Enter a filter name, e.g. "VPCToNetflowFilter".
Leave the filter pattern blank.
Ensure that Enable trigger is selected and click Add.
Create the Netflow Generator Function
At the top of the Lambda function page, click on the Lambda name, i.e. "VPCToNetflow".
This will take you to Function Code. Here you can edit the associated Lambda function.
Delete the existing code at index.js.
Paste in the Anuview NetFlow generator code. See the Get the Code section, below.
Customize the code for your VPC by changing the port and host IP address, i.e. where you want to send the flows.
Click Save at the very top of the screen.
You can use the monitoring tab at the top of the page to monitor the execution of the Lambda.
Get the Code
Please contact Anuview to request access to the Anuview NetFlow generator code for AWS Lambda.