Configure VPC Flow Logs in AWS to an S3 bucket
This task activates a logging feature for Virtual Private Clouds (VPCs) in AWS. This feature records and stores information about the network traffic flowing through the VPC, aiding in security monitoring, traffic analysis, and troubleshooting. The collected data can be sent to Amazon CloudWatch Logs or Amazon S3 for retention and analysis.
import boto3
from botocore.exceptions import ClientError

# _get_creds() and cred_label are not defined in this snippet; they are
# expected to be provided by the environment that runs the task.
creds = _get_creds(cred_label)['creds']
access_key = creds['username']
secret_key = creds['password']


def enable_vpc_flow_logs(vpc_id, region, s3_bucket_arn):
    """
    Enable VPC Flow Logs for the specified VPC, directing them to an S3 bucket.
    """
    try:
        session = boto3.Session(
            aws_access_key_id=access_key,
            aws_secret_access_key=secret_key,
            region_name=region,
        )
        ec2 = session.client('ec2')

        # Create the flow log
        response = ec2.create_flow_logs(
            ResourceIds=[vpc_id],
            ResourceType='VPC',
            TrafficType='ALL',
            LogDestinationType='s3',
            LogDestination=s3_bucket_arn
        )
        print(response)

        # Per-resource failures come back in 'Unsuccessful' rather than as an exception
        if response.get('Unsuccessful'):
            print(f"Failed to enable Flow Logs for VPC {vpc_id} in region {region}.")
        else:
            print(f"Successfully enabled Flow Logs for VPC {vpc_id} in region {region}.")
    except ClientError as e:
        print(f"An error occurred in region {region} for VPC {vpc_id}: {e}")


# List of VPCs without flow logs
#vpcs_without_flow_logs = [{'Region': 'ap-south-1', 'VPC_ID': 'vpc-0c433ca0ab76e67ae'}]

# S3 bucket ARN for storing flow logs
#s3_bucket_arn = 'arn:aws:s3:::your-bucket-name'  # Replace with your S3 bucket ARN

# Enabling flow logs for each VPC
for vpc in vpcs_without_flow_logs:
    enable_vpc_flow_logs(vpc['VPC_ID'], vpc['Region'], s3_bucket_arn)
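
Flow logs only reach the bucket if its policy lets the log delivery service write there. The following is an added example, not part of the original task: it builds that bucket policy for a given `LogDestination` ARN and scopes the grant to one account and region. The function name, bucket name and account ID are hypothetical, constructed values.

```python
import json
import re

# Service principal AWS uses to deliver VPC Flow Logs to S3.
LOG_DELIVERY_PRINCIPAL = "delivery.logs.amazonaws.com"
_S3_ARN = re.compile(
    r"^arn:(aws[a-z-]*):s3:::([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])(?:/(.*))?$")


def flow_log_bucket_policy(log_destination_arn, account_id, region):
    """Build the bucket policy that lets flow logs from one account/region
    write to the S3 destination (bucket ARN, optionally with a key prefix)."""
    m = _S3_ARN.match(log_destination_arn)
    if not m:
        raise ValueError(f"not an S3 bucket ARN: {log_destination_arn!r}")
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account_id must be a 12-digit string")
    partition, bucket = m.group(1), m.group(2)
    prefix = (m.group(3) or "").strip("/")
    bucket_arn = f"arn:{partition}:s3:::{bucket}"
    key_root = f"{prefix}/AWSLogs" if prefix else "AWSLogs"
    # Confused-deputy guard: only log deliveries created by this account
    # in this region may use the grant.
    source = {
        "StringEquals": {"aws:SourceAccount": account_id},
        "ArnLike": {"aws:SourceArn": f"arn:{partition}:logs:{region}:{account_id}:*"},
    }
    write_cond = json.loads(json.dumps(source))  # deep copy of the guard
    # Delivered objects must hand full control to the bucket owner.
    write_cond["StringEquals"]["s3:x-amz-acl"] = "bucket-owner-full-control"
    principal = {"Service": LOG_DELIVERY_PRINCIPAL}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AWSLogDeliveryWrite", "Effect": "Allow", "Principal": principal,
             "Action": "s3:PutObject",
             "Resource": f"{bucket_arn}/{key_root}/{account_id}/*",
             "Condition": write_cond},
            {"Sid": "AWSLogDeliveryAclCheck", "Effect": "Allow", "Principal": principal,
             "Action": "s3:GetBucketAcl", "Resource": bucket_arn,
             "Condition": source},
        ],
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(json.dumps(flow_log_bucket_policy(
        "arn:aws:s3:::example-flow-logs/network", "111122223333", "ap-south-1"), indent=2))
```

The write grant is limited to the `AWSLogs/<account-id>/` key space under the destination, so the delivery service cannot write elsewhere in the bucket.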