Amazon CloudWatch now allows customers to automatically enable Amazon Virtual Private Cloud (VPC) flow logs to CloudWatch Logs across their AWS Organization. Customers can create enablement rules in CloudWatch Telemetry Config that automatically create flow logs for both existing and newly created VPCs matching the rule scope, ensuring consistent monitoring coverage.
With today’s launch, customers can scope rules that apply to the whole organization, specific accounts, or specific resources based on resource tags to standardize the configuration of VPC flow logs. For example, a central DevOps team can create an enablement rule that automatically turns on flow logs to CloudWatch Logs for VPCs carrying a specific tag, e.g., env:production, and thereby maintain complete visibility into network traffic patterns. Enablement rules use AWS Config service-linked recorders to discover resources that meet the rule criteria and automatically enable flow-log ingestion for them.
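An enablement rule promises coverage, but a defender still wants to confirm it: the following added example (not AWS code, and not part of this announcement) checks which VPCs in a tag scope lack an active flow log delivered to CloudWatch Logs. The sample responses are constructed and shaped like EC2 `describe_vpcs` / `describe_flow_logs` output; the requirement that the flow log capture `ALL` traffic is an assumption of this example.

```python
"""Check that every VPC inside an enablement rule's tag scope (e.g. env:production)
actually has an ACTIVE flow log whose destination is CloudWatch Logs."""
from typing import Dict, List

# Constructed sample data mimicking EC2 describe_vpcs / describe_flow_logs responses.
SAMPLE_VPCS: List[Dict] = [
    {"VpcId": "vpc-0a1", "Tags": [{"Key": "env", "Value": "production"}]},
    {"VpcId": "vpc-0b2", "Tags": [{"Key": "env", "Value": "production"}]},
    {"VpcId": "vpc-0c3", "Tags": [{"Key": "env", "Value": "dev"}]},
    {"VpcId": "vpc-0d4", "Tags": [{"Key": "env", "Value": "production"}]},
]
SAMPLE_FLOW_LOGS: List[Dict] = [
    {"ResourceId": "vpc-0a1", "LogDestinationType": "cloud-watch-logs",
     "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
    # Delivered to S3 only: does not satisfy a CloudWatch Logs enablement rule.
    {"ResourceId": "vpc-0b2", "LogDestinationType": "s3",
     "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
    # Right destination, but the flow log is not ACTIVE (delivery problem).
    {"ResourceId": "vpc-0d4", "LogDestinationType": "cloud-watch-logs",
     "FlowLogStatus": "INACTIVE", "TrafficType": "ALL"},
]


def in_scope(vpc: Dict, tag_key: str, tag_value: str) -> bool:
    """True when the VPC carries the tag the enablement rule is scoped to."""
    return any(t.get("Key") == tag_key and t.get("Value") == tag_value
               for t in vpc.get("Tags", []))


def coverage_gaps(vpcs: List[Dict], flow_logs: List[Dict], tag_key: str,
                  tag_value: str, traffic_type: str = "ALL") -> List[str]:
    """Return sorted IDs of in-scope VPCs with no ACTIVE CloudWatch Logs flow log
    capturing `traffic_type` (default ALL is this example's assumption)."""
    covered = {fl["ResourceId"] for fl in flow_logs
               if fl.get("LogDestinationType") == "cloud-watch-logs"
               and fl.get("FlowLogStatus") == "ACTIVE"
               and fl.get("TrafficType") == traffic_type}
    return sorted(v["VpcId"] for v in vpcs
                  if in_scope(v, tag_key, tag_value) and v["VpcId"] not in covered)


def live_gaps(tag_key: str, tag_value: str, region: str = None) -> List[str]:
    """Run the same check against a real account (needs boto3 and ec2:Describe* rights)."""
    import boto3  # imported here so the offline sample run does not need it
    ec2 = boto3.client("ec2", region_name=region)
    vpcs = [v for p in ec2.get_paginator("describe_vpcs").paginate() for v in p["Vpcs"]]
    logs = [f for p in ec2.get_paginator("describe_flow_logs").paginate() for f in p["FlowLogs"]]
    return coverage_gaps(vpcs, logs, tag_key, tag_value)


if __name__ == "__main__":
    print(coverage_gaps(SAMPLE_VPCS, SAMPLE_FLOW_LOGS, "env", "production"))  # -> ['vpc-0b2', 'vpc-0d4']
```

Run `live_gaps("env", "production")` per account (or via an assumed-role session) to spot VPCs the rule has not yet covered or whose delivery has stalled.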
CloudWatch’s telemetry auto-enablement capability is available in the following AWS commercial regions: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), and South America (São Paulo).
Customers incur charges for the configuration items of resource types evaluated by enablement rules, according to AWS Config pricing. Ingestion of VPC Flow Logs is billed as vended logs according to CloudWatch pricing. To learn more about org-wide VPC flow log enablement, visit the Amazon CloudWatch documentation.
Source: Amazon Web Services