Skip to main content
Sumo Logic

Collect Logs for PCI Compliance for Amazon VPC Flow Logs

Collect Logs for PCI Compliance for Amazon VPC Flow Logs.

You can enable Amazon Virtual Private Cloud (VPC) Flow Logs from the Amazon Web Services (AWS) Management Console, the AWS Command Line Interface (CLI), or by making calls to the Elastic Compute Cloud (EC2) API.

To enable Amazon Flow Logs for your VPC:

  1. Set up the VPC.
    1. Go to VPC management, and go to the VPC list.
    2. Select the VPC.
    3. Click Actions > Create Flow Log.
    4. In Create Flow Log, select a Role to use Flow logs.
      1. If you haven't set up IAM permissions, click Set Up Permissions.
        Create Flow Log
      2. From the new tab, VPC Flow Logs is requesting permissions to use resources in your account:
      3. From the IAM Role, select Create a new IAM Role.
      4. Add a Role Name that describes your logs such as VPC-Flow-Logs.
      5. Click Allow.
    5. Back in Create Flow Log, enter the new role you created in Role.
    6. Destination Log Group enter a descriptive name such as VPCFlowLogs.
    7. Click Create Flow Log.
      It can take up to an hour for the log group to show up in CloudWatch Logs.
  2. Configure an HTTP collector in Sumo Logic.
  3. Configure an HTTP Source in Sumo Logic.
  4. Create an Amazon Lambda Function.
  5. Subscribe the Lambda function to the VPC Flow Log group.
    1. Select the VPC Flow Log group in the CloudWatch Logs management panel. This is the Log Group created in the first part (VPCFlowLogs was used).
    2. Click Actions and select Stream to Lambda Function.
    3. Select the Lambda function you created (we used sumo-vpc in our Lambda example).
    4. Click Next.
    5. Select Amazon VPC Flow Logs for Log Format.
    6. Click Next.
    7. Click Start Streaming.
  6. Wait a few minutes, and check to make sure your logs are flowing into Sumo.