Enable Amazon VPC Flow Logs for Skyhigh CASB
Amazon Virtual Private Cloud (VPC) Flow Logs allow you to capture IP traffic information going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. In Skyhigh CASB you can view VPC Flow Log data in the Resources Connection View when you enable the feature for Configuration Audit.
For more information, see VPC Flow Logs.
Prerequisites
- To enable VPC Flow Logs, contact Skyhigh Security Support.
- Provide the Minimum Permissions to the Skyhigh CASB IAM role. For details, see Configure Skyhigh CASB IAM Roles for AWS.
Configure VPC Flow Logs in AWS
- Log in to the AWS console.
- Go to the VPC service page and select the VPC where you want to enable Flow Logs.
- Select the Flow Logs tab.
- Click Create Flow Logs.
- The configuration page for Flow Logs opens.
- For Destination, select CloudWatch or S3 Bucket and add the required configuration information. For example, if an S3 bucket is your destination, add the S3 bucket ARN.
- For Filter, select All.
- For Log record format, select AWS default format.
- Click Create.
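Records written in the AWS default format (selected in the Log record format step above) are space-separated fields in a fixed order: version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status. The following Python parser is an added example, not part of this page or of Skyhigh CASB; it reads default-format records, handles the NODATA/SKIPDATA records whose traffic fields are '-', and tallies rejected flows by source address and destination port. The sample records, interface id and account id are constructed.

```python
"""Parse VPC Flow Log records in the AWS default format and count rejected flows."""
from collections import Counter
from typing import Dict, Iterable, Optional

# Field order of the AWS default (version 2) flow log record format.
DEFAULT_FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
                  "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

def parse_record(line: str) -> Optional[Dict[str, object]]:
    """Parse one record into a dict; None if it does not have the 14 default fields.
    NODATA/SKIPDATA records carry '-' in the traffic fields; those become None."""
    parts = line.split()
    if len(parts) != len(DEFAULT_FIELDS):
        return None
    rec: Dict[str, object] = {}
    try:
        for name, value in zip(DEFAULT_FIELDS, parts):
            if value == "-":
                rec[name] = None
            elif name in INT_FIELDS:
                rec[name] = int(value)
            else:
                rec[name] = value
    except ValueError:  # non-numeric text in a numeric field: treat as malformed
        return None
    return rec

def rejected_by_source(lines: Iterable[str]) -> Counter:
    """Count REJECT records per (srcaddr, dstport); skips NODATA/SKIPDATA and bad lines."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec and rec["log_status"] == "OK" and rec["action"] == "REJECT":
            counts[(rec["srcaddr"], rec["dstport"])] += 1
    return counts

# Constructed sample records (not captured traffic); the account id is a placeholder.
SAMPLE_LOG = """\
2 111111111111 eni-0abc123def456789a 198.51.100.7 10.0.1.20 51000 22 6 1 44 1700000000 1700000060 REJECT OK
2 111111111111 eni-0abc123def456789a 198.51.100.7 10.0.1.20 51001 22 6 1 44 1700000000 1700000060 REJECT OK
2 111111111111 eni-0abc123def456789a 10.0.1.20 10.0.2.5 41000 443 6 12 5600 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-0abc123def456789a - - - - - - - 1700000000 1700000060 - NODATA
this line is malformed
"""

if __name__ == "__main__":
    for (src, port), n in rejected_by_source(SAMPLE_LOG.splitlines()).most_common():
        print(f"{src} -> port {port}: {n} rejected flows")
```

If you select a custom log record format instead of the AWS default, the field order changes and DEFAULT_FIELDS must be adjusted to match.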
Enable VPC Flow Logs in Skyhigh CASB
- Go to Settings > Service Management.
- Select your AWS instance.
- Select the Setup tab, and under API, click Edit.
- For Enabled Features, click Edit.
- Under Security Configuration Audit, select the VPC Flow Logs checkbox.
- Click Next, then finish the wizard steps to save your changes.
- Once you have enabled VPC Flow Logs, run the Config Audit scan.