Difference between revisions of "AWS VPC and GigaFlow"

From Observer GigaFlow Support | VIAVI Solutions Inc.

Revision as of 11:13, 23 November 2018


Create Log Groups

From the AWS management console, select "CloudWatch"; you will see the following:

AWS CloudWatch Welcome Screen.

On the left-hand side, select the Logs menu.

CloudWatch Welcome Screen Menu.

From here, click the Create Log Group button.

When asked for a name, enter "VPCFlowLogs" and click the Create Log Group button.

Create Log Group.

Enable VPC logging

From the AWS management console, select "VPC"; you should then see the following:

VPC Dashboard.

From the VPC Dashboard, click on the "Your VPCs" link in the left-hand menu.

Select the VPC you wish to enable Flow Logs for.

Your VPCs.

When selected, at the bottom of the screen, select the “Flow Logs” tab.

VPC Flow Logs Tab.

If there are no flow logs in the list, click the “Create flow log” button. You will see something similar to the following:

VPC Create flow log tab.

From here, change the "Filter" option to "All". For "Destination", ensure that "Send to CloudWatch Logs" is selected. For "Destination log group", select the "VPCFlowLogs" option:

If you don’t already have a role you want to use, click on the "Set Up Permissions" link.
Select "Create a new IAM Role" for the IAM Role options.
Enter the Role Name, e.g. "FlowLogsToCloudWatch".
Click "Allow" at the bottom of the screen.
Return to the "Create Flow Log" page to continue.

You should now see:

VPC Create flow log tab - completed.

Click the "Create" button. Return to the CloudWatch Dashboard and select the "Logs" menu option from the left-hand menu. You should have a page similar to:

VPC Log Groups.

Click on the flow log name ("VPCFlowLogs" in this case). This will open the log group and show which log streams have been created; you will see something similar to the following, with one stream per network interface.

Search Log Group

Clicking on one of the log streams should provide something similar to this:

Log Group Output.

Create the Lambda

From the AWS management console, select "Lambda"; you should then see the following:

AWS Lambda Dashboard.

From the left-hand menu, select the “Functions” menu item.

AWS Lambda Functions.

On this page, click on the “Create Function” button in the right-hand frame, which takes you to:

AWS Lambda - Create function.

On this page, ensure that the “Author from scratch” card is selected. Type in the name of the Lambda function, i.e. “VPCToNetflow”. Runtime should be “Node.js 8.10” and Role should be “Create a custom role”. This should take you to a setup role page (similar to the previous one for VPC log access). Select “Create a new IAM role” and enter the Role Name, i.e. “LambdaVPCLogAccess”. Then click “Allow”. This will return you to the Lambda page with the new role selected.

AWS Lambda - Create function - Author from scratch.

Click the “Create Function” button. You will now be presented with the following:

New Lambda function configuration.

From the left-hand list under “Add triggers”, select the “CloudWatch Logs” option; this should now look like:

New Lambda function configuration - add trigger.

If you scroll down the page, you can now configure the “Triggers” for CloudWatch.

New Lambda function configuration - configure trigger.

On this page, select the Log Group you created previously (“VPCFlowLogs” in this case). Enter a filter name, i.e. “VPCToNetflowFilter”, and leave the filter pattern blank. Ensure the “Enable trigger” option is selected and then press the “Add” button.

New Lambda function configuration - Add trigger.

Creating the Netflow Generator Function

At the top of the Lambda function page, click on the Lambda name ("VPCToNetflow").

VPCToNetFlow function.

This will take you to the "Function Code" section, where you can edit the function that gets run. Delete the code that’s in place (you should be in the index.js file).

VPCToNetFlow function code.

Paste in the NetFlow generator code. The only things you should have to change are the port and the host IP address to which you want the flows to be sent.

VPCToNetFlow function code - port and host name.

When done, press the "Save" button at the very top of the screen. You can use the "Monitoring" tab at the top of the page to monitor the execution of the Lambda.

Code