Enable VPC flow logs

  1. Navigate to VPC in the AWS console.

  2. Under Resources by Region, select VPCs.

  3. The next step uses CloudShell, where you'll copy and paste a CLI command. Using the CLI rather than the console wizard ensures the flow log configuration is enabled with exactly the settings the integration expects.

Flow logs will be enabled with the following settings preconfigured:

  • Traffic type: ALL
  • Resource ID: the VPC ID you substitute into the command
  • Log destination type: S3
  • Max aggregation interval: 1 minute

  4. Open CloudShell. A command prompt opens in the lower half of the screen.

  5. Copy and paste the command below, replacing <VPC ID> with the ID of the VPC you want to enable flow logs for and <bucket name> with the name of the S3 bucket you created in a previous step. (Each line ends with a backslash and no trailing space, so that the shell treats the whole block as one command.)

```bash
aws ec2 create-flow-logs \
  --resource-type VPC \
  --resource-ids <VPC ID> \
  --traffic-type ALL \
  --log-destination-type s3 \
  --log-destination arn:aws:s3:::<bucket name> \
  --log-format '${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} ${tcp-flags} ${type} ${pkt-dstaddr} ${pkt-srcaddr} ${instance-id} ${vpc-id} ${az-id} ${sublocation-id} ${sublocation-type} ${subnet-id}' \
  --max-aggregation-interval 60
```

If the log format isn't specified exactly as it is in the above command, your integration will fail.
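To show why the field order matters, here is an added example (not part of this guide or the integration's own code) that parses records written with the custom `--log-format` above and pulls out REJECT records, a cheap first signal of blocked scans or misconfigured security groups. The sample records are constructed: private addresses, a documentation-range source address, and made-up ENI, instance, VPC and subnet IDs.

```python
"""Parse VPC flow log records in the exact --log-format used on this page."""

# Field names in the same order as the --log-format string. If the flow log
# was created with a different format, the column count will not match and
# parse_record() raises instead of silently mislabelling fields.
LOG_FORMAT = ("version account-id interface-id srcaddr dstaddr srcport dstport "
              "protocol packets bytes start end action log-status tcp-flags type "
              "pkt-dstaddr pkt-srcaddr instance-id vpc-id az-id sublocation-id "
              "sublocation-type subnet-id")
FIELDS = LOG_FORMAT.split()
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes",
              "start", "end", "tcp-flags"}

# Constructed sample records: one ACCEPT, one REJECT on port 22, one NODATA
# interval (AWS writes '-' placeholders but keeps the full column count).
SAMPLE_RECORDS = [
    "5 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.10 10.0.2.20 49152 443 6 10 8400 "
    "1700000000 1700000060 ACCEPT OK 19 IPv4 10.0.2.20 10.0.1.10 i-0abc12345def67890 "
    "vpc-0123456789abcdef0 use1-az1 - - subnet-0123456789abcdef0",
    "5 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.1.10 51234 22 6 1 40 "
    "1700000000 1700000060 REJECT OK 2 IPv4 10.0.1.10 198.51.100.7 i-0abc12345def67890 "
    "vpc-0123456789abcdef0 use1-az1 - - subnet-0123456789abcdef0",
    "5 123456789012 eni-0a1b2c3d4e5f60001 - - - - - - - 1700000000 1700000060 "
    "- NODATA - - - - - - - - - -",
]


def parse_record(line: str) -> dict:
    """Split one space-delimited record into a dict keyed by field name."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: format mismatch")
    rec = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":          # placeholder for NODATA/SKIPDATA or n/a fields
            rec[name] = None
        elif name in INT_FIELDS:
            rec[name] = int(value)
        else:
            rec[name] = value
    return rec


def rejected_flows(lines) -> list:
    """Return (srcaddr, dstaddr, dstport) for every REJECT record."""
    out = []
    for line in lines:
        rec = parse_record(line)
        if rec["action"] == "REJECT":
            out.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"]))
    return out
```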


  6. Once you've pasted in the command, it should look like this:

  7. Press Enter to run the command.

If you see the output below, your flow logs have been created successfully.
`"Unsuccessful": []` in the response means the call succeeded and no errors were reported.