Compliance Check for VPC Flow Logs in AWS Region

The workflow involves evaluating all Amazon VPCs within the AWS region us-east-2 to ensure that VPC Flow Logs are enabled. Each VPC is checked for compliance, and if any VPC lacks Flow Logs, it is marked as NON_COMPLIANT. The results of this compliance check are then tabulated for further analysis. This process helps in maintaining security and monitoring standards across the network infrastructure.

1. The script evaluates all VPCs in the us-east-2 region to check if VPC Flow Logs are enabled and tabulates the compliance status.

1.1 List all Amazon VPCs.

The script lists all VPCs in the us-east-2 region using boto3, with credentials supplied through the workflow platform's getEnvVar helper rather than written into the script.

```python
import boto3
import json

# Initialize boto3 client for EC2 in the us-east-2 region.
# getEnvVar is the workflow platform's helper for reading environment variables.
client = boto3.client(
    'ec2',
    region_name='us-east-2',
    aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY')
)

# Retrieve all VPCs in the region
vpcs = client.describe_vpcs()
vpc_list = [vpc['VpcId'] for vpc in vpcs.get('Vpcs', [])]

# Print the list of VPC IDs
print(json.dumps(vpc_list, indent=4))
```
1.2 Check each VPC in the list to verify if VPC Flow Logs are enabled.

The script checks each VPC in the list to verify if VPC Flow Logs are enabled and returns their compliance status.

```python
import boto3
import json

# Initialize boto3 client for EC2 in the us-east-2 region.
# getEnvVar is the workflow platform's helper for reading environment variables.
client = boto3.client(
    'ec2',
    region_name='us-east-2',
    aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY')
)

# vpc_list is the list of VPC IDs produced in step 1.1
vpc_flow_log_status = {}

# Check each VPC for Flow Logs
for vpc_id in vpc_list:
    flow_logs = client.describe_flow_logs(
        Filters=[
            {
                'Name': 'resource-id',
                'Values': [vpc_id]
            }
        ]
    )
    # Determine if Flow Logs are enabled: any flow log record attached to the VPC counts
    if flow_logs.get('FlowLogs'):
        vpc_flow_log_status[vpc_id] = 'COMPLIANT'
    else:
        vpc_flow_log_status[vpc_id] = 'NON_COMPLIANT'

# Print the compliance status of each VPC
print(json.dumps(vpc_flow_log_status, indent=4))
```
1.3 Determine compliance status for each VPC based on whether Flow Logs are enabled. Mark as NON_COMPLIANT if Flow Logs are not enabled.

The script determines the overall compliance status from the per-VPC results of step 1.2 and marks the summary NON_COMPLIANT if any VPC does not have Flow Logs enabled.

```python
import json

# vpc_flow_log_status is the per-VPC result dictionary produced in step 1.2.
# Determine overall compliance status
non_compliant_vpcs = [
    vpc_id for vpc_id, status in vpc_flow_log_status.items()
    if status == 'NON_COMPLIANT'
]
if non_compliant_vpcs:
    compliance_summary = 'NON_COMPLIANT'
else:
    compliance_summary = 'COMPLIANT'

# Print the compliance summary
print(compliance_summary)

# Print detailed compliance status for each VPC
print(json.dumps(vpc_flow_log_status, indent=4))
```
1.4 Tabulate the compliance results for all VPCs.

The script tabulates the compliance results for all VPCs based on their Flow Logs status.

```python
# context.newtable() is the workflow platform's table API; the table is rendered
# in the run's output rather than printed.
table = context.newtable()
table.num_rows = len(vpc_flow_log_status) + 1  # +1 for header
table.num_cols = 2
table.title = "VPC Flow Logs Compliance Status"
table.has_header_row = True
table.setval(0, 0, "VPC ID")
table.setval(0, 1, "Compliance Status")

# Fill one row per VPC from the step 1.2 results
row = 1
for vpc_id, status in vpc_flow_log_status.items():
    table.setval(row, 0, vpc_id)
    table.setval(row, 1, status)
    row += 1

print("Compliance results have been tabulated successfully.")
```
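The whole check as one offline-testable function, added here as an example and not part of the original workflow: it evaluates compliance from the shapes of the describe_vpcs and describe_flow_logs responses and goes beyond the per-step check above by requiring each flow log to be ACTIVE, free of a delivery error and, optionally, capturing a given TrafficType, since a flow log record can exist while nothing is actually being delivered. The sample responses are constructed, and fetch_and_evaluate is a hypothetical live wrapper that needs boto3 and credentials.

```python
# Constructed sample responses in the shape returned by ec2.describe_vpcs()
# and ec2.describe_flow_logs(); the IDs are made up.
SAMPLE_VPCS = {"Vpcs": [{"VpcId": "vpc-0aaa"}, {"VpcId": "vpc-0bbb"}, {"VpcId": "vpc-0ccc"}]}
SAMPLE_FLOW_LOGS = {"FlowLogs": [
    # healthy: active, delivering, capturing all traffic
    {"FlowLogId": "fl-1", "ResourceId": "vpc-0aaa", "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
    # a record exists but delivery is failing (e.g. the IAM role lost permission)
    {"FlowLogId": "fl-2", "ResourceId": "vpc-0bbb", "FlowLogStatus": "ACTIVE", "TrafficType": "ALL",
     "DeliverLogsErrorMessage": "Access error"},
    # healthy, but only rejected traffic is captured
    {"FlowLogId": "fl-3", "ResourceId": "vpc-0bbb", "FlowLogStatus": "ACTIVE", "TrafficType": "REJECT"},
    # vpc-0ccc has no flow log at all
]}


def evaluate_flow_log_compliance(vpcs_resp, flow_logs_resp, require_traffic_type=None):
    """Return {vpc_id: 'COMPLIANT' | 'NON_COMPLIANT'} for every VPC in vpcs_resp.

    COMPLIANT needs at least one flow log on the VPC that is ACTIVE, has no delivery
    error and (if require_traffic_type is set) captures that TrafficType; a bare
    record, which is all the per-VPC check in step 1.2 tests for, is not enough."""
    healthy_by_vpc = {}
    for fl in flow_logs_resp.get("FlowLogs", []):
        if fl.get("FlowLogStatus") != "ACTIVE" or fl.get("DeliverLogsErrorMessage"):
            continue
        if require_traffic_type and fl.get("TrafficType") != require_traffic_type:
            continue
        healthy_by_vpc.setdefault(fl["ResourceId"], []).append(fl["FlowLogId"])
    return {
        vpc["VpcId"]: "COMPLIANT" if healthy_by_vpc.get(vpc["VpcId"]) else "NON_COMPLIANT"
        for vpc in vpcs_resp.get("Vpcs", [])
    }


def summarize(status_map):
    """Overall result, same rule as step 1.3: any NON_COMPLIANT VPC makes the run NON_COMPLIANT."""
    return "NON_COMPLIANT" if "NON_COMPLIANT" in status_map.values() else "COMPLIANT"


def fetch_and_evaluate(region="us-east-2", require_traffic_type=None):
    """Hypothetical live wrapper (needs boto3 and AWS credentials; not run here).
    Paginates so large accounts are fully listed, and makes one describe_flow_logs
    call per region instead of one call per VPC."""
    import boto3  # imported here so the pure-Python functions run without boto3
    ec2 = boto3.client("ec2", region_name=region)
    vpcs = [v for page in ec2.get_paginator("describe_vpcs").paginate() for v in page["Vpcs"]]
    logs = [f for page in ec2.get_paginator("describe_flow_logs").paginate() for f in page["FlowLogs"]]
    return evaluate_flow_log_compliance({"Vpcs": vpcs}, {"FlowLogs": logs}, require_traffic_type)
```

The result dictionary has the same shape as vpc_flow_log_status in step 1.2, so it can be fed straight into the tabulation of step 1.4.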