Use CreateFlowLogs with an AWS SDK or CLI - AWS SDK Code Examples

There are more AWS SDK examples available in the AWS Doc SDK Examples GitHub repo.

Use CreateFlowLogs with an AWS SDK or CLI

The following code examples show how to use CreateFlowLogs.

CLI
AWS CLI

Example 1: To create a flow log

The following create-flow-logs example creates a flow log that captures all rejected traffic for the specified network interface. The flow logs are delivered to a log group in CloudWatch Logs using the permissions in the specified IAM role.

aws ec2 create-flow-logs \
    --resource-type NetworkInterface \
    --resource-ids eni-11223344556677889 \
    --traffic-type REJECT \
    --log-group-name my-flow-logs \
    --deliver-logs-permission-arn arn:aws:iam::123456789101:role/publishFlowLogs

Output:

{
    "ClientToken": "so0eNA2uSHUNlHI0S2cJ305GuIX1CezaRdGtexample",
    "FlowLogIds": [
        "fl-12345678901234567"
    ],
    "Unsuccessful": []
}

For more information, see VPC Flow Logs in the Amazon VPC User Guide.

Example 2: To create a flow log with a custom format

The following create-flow-logs example creates a flow log that captures all traffic for the specified VPC and delivers the flow logs to an Amazon S3 bucket. The --log-format parameter specifies a custom format for the flow log records. To run this command on Windows, change the single quotes (') to double quotes (").

aws ec2 create-flow-logs \
    --resource-type VPC \
    --resource-ids vpc-00112233344556677 \
    --traffic-type ALL \
    --log-destination-type s3 \
    --log-destination arn:aws:s3:::flow-log-bucket/my-custom-flow-logs/ \
    --log-format '${version} ${vpc-id} ${subnet-id} ${instance-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr}'

For more information, see VPC Flow Logs in the Amazon VPC User Guide.

Example 3: To create a flow log with a one-minute maximum aggregation interval

The following create-flow-logs example creates a flow log that captures all traffic for the specified VPC and delivers the flow logs to an Amazon S3 bucket. The --max-aggregation-interval parameter specifies a maximum aggregation interval of 60 seconds (1 minute).

aws ec2 create-flow-logs \
    --resource-type VPC \
    --resource-ids vpc-00112233344556677 \
    --traffic-type ALL \
    --log-destination-type s3 \
    --log-destination arn:aws:s3:::flow-log-bucket/my-custom-flow-logs/ \
    --max-aggregation-interval 60

For more information, see VPC Flow Logs in the Amazon VPC User Guide.

PowerShell
Tools for PowerShell

Example 1: This example creates EC2 flowlog for the subnet subnet-1d234567 to the cloud-watch-log named 'subnet1-log' for all 'REJECT' traffic using the perimssions of the 'Admin' role

New-EC2FlowLog -ResourceId "subnet-1d234567" -LogDestinationType cloud-watch-logs -LogGroupName subnet1-log -TrafficType "REJECT" -ResourceType Subnet -DeliverLogsPermissionArn "arn:aws:iam::98765432109:role/Admin"

Output:

ClientToken                                  FlowLogIds             Unsuccessful
-----------                                  ----------             ------------
m1VN2cxP3iB4qo//VUKl5EU6cF7gQLOxcqNefvjeTGw= {fl-012fc34eed5678c9d} {}

  • For API details, see CreateFlowLogs in AWS Tools for PowerShell Cmdlet Reference.