Configuring Amazon Web Services Flow Logs
The integration between Amazon Web Services (AWS) and Scrutinizer provides insight into network traffic destined for AWS, such as top AWS users, top AWS applications, and the overall traffic load of AWS-hosted applications.
After configuring Amazon Web Services Flow Log integration with Scrutinizer, the following AWS-specific flow reports are available in Scrutinizer:
- Action with Interface
- Action with Interface and Dst
- Action with Interface and Src
- Pair Interface
- Pair Interface Action
A minimum of Scrutinizer v18.16 is required for the configuration to successfully complete and for the AWS reports to become available.
The following information is required to configure AWS Flow Logs integration:
- AWS S3 Bucket containing Flow Logs
  - The VPC(s) you want to monitor need to be configured to send Flow Logs to this S3 bucket;
  - You can ingest from multiple S3 buckets;
  - Flow Logs will be deleted from the S3 bucket as Scrutinizer ingests them.
- AWS ID and secret with full access permission to the S3 bucket containing your logs.
- The region the S3 bucket is in.
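The requirement above asks for credentials with full access to the bucket that holds the logs. As an added example (not from the Scrutinizer documentation), this Python check flags an IAM policy that reaches beyond that one bucket; the bucket name and both policies are constructed placeholders.

```python
# Added example: bucket name and both policies are constructed placeholders.
BUCKET = "example-flowlog-bucket"

# Full access, but only to the flow log bucket and its objects.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [
            f"arn:aws:s3:::{BUCKET}",
            f"arn:aws:s3:::{BUCKET}/*",
        ],
    }],
}

# Full access to every bucket in the account: broader than the requirement.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def as_list(value):
    """IAM accepts a single value or a list for Statement and Resource."""
    return value if isinstance(value, list) else [value]


def out_of_scope(policy, bucket):
    """Return the resources that Allow statements grant beyond `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotResource" in stmt:
            # NotResource allows everything except the listed ARNs.
            findings.append("NotResource")
            continue
        for res in as_list(stmt.get("Resource", [])):
            # Accept the bucket itself and any object key under it.
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(res)
    return findings


if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        print(name, out_of_scope(pol, BUCKET) or "ok")
```

An empty result means every Allow statement is confined to the flow log bucket, which matters here because the same credentials delete log objects as they are ingested.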
AWS configuration in Scrutinizer
- Navigate to Admin > Settings > AWS Flow Logs S3.
- Click “Add” to create a new Flow Log source in Scrutinizer. Each row in the interface will appear as a separate exporter in the Scrutinizer reporting interface. The exporter will appear in the interface with the name provided here.
- Provide a unique name for the Flow Log source.
- Select the collector that will communicate with AWS to receive data for this bucket.
- Enter the bucket name, region, ID, and Secret.
- Save the entry.