VPC flow logging is not enabled Affecting VPC service in AWS

Snyk CCSS

Logging / Logging

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

AWS-Well-Architected CIS-AWS CIS-Controls HIPAA ISO-27001 NIST-800-53 SOC-2

Snyk ID SNYK-CC-00151
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC. Users can use the flow logs to detect anomalous traffic or insight during security workflows.

How to fix?

Reference the aws_vpc in an aws_flog_log vpc_id field.

Example Configuration

resource "aws_vpc" "valid_vpc" {
  # other required fields here
}

resource "aws_flow_log" "test_flow_log" {
  vpc_id         = "${aws_vpc.valid_vpc.id}"
  # other required fields here
}

VPC flow logging is not enabled Affecting VPC service in AWS

Severity

Description

How to fix?

Example Configuration

cli

CloudFormation

Terraform

References