Alibaba Cloud VPC Flow Logs capture information about the IP traffic to and from an Elastic Network Interface (ENI), a VSwitch, or an entire VPC. When a flow log is created at the VPC level, every ENI in that VPC, including ENIs created later, is covered automatically, which is why VPC-scoped logs are preferred over per-ENI or per-VSwitch logs. Flow log data is delivered to a Log Service project and logstore, where it can be queried and analyzed for security and operational purposes.
Risk
Without VPC Flow Logs enabled there is no record of the IP traffic traversing the VPC. Anomalous traffic patterns, unauthorized network connections (for example, an instance reaching an unexpected external host) and data exfiltration attempts go undetected, and network-based security incidents cannot be reconstructed after the fact.
prowler alibabacloud --checks vpc_flow_logs_enabled
Recommendation
Enable VPC Flow Logs for all VPCs to capture IP traffic information and store it in Log Service for security analysis, anomaly detection, and incident response.
Remediation
Create a VPC-scoped flow log that captures both accepted and rejected traffic (TrafficType All). TrafficType is a required parameter of CreateFlowLog, and the Log Service project and logstore must already exist before the call:
aliyun vpc CreateFlowLog --RegionId <region_id> --ResourceType VPC --ResourceId <vpc_id> --TrafficType All --FlowLogName <flow_log_name> --ProjectName <project_name> --LogStoreName <log_store_name>
- Log on to the VPC Console
- In the left-side navigation pane, click FlowLog
- Click Create Flow Log
- Select the target VPC as the resource
- Select an existing Log Service project and logstore (or create them) to store the flow log data
- Click OK to enable flow logging
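As an added example (not the check's own source and not Alibaba Cloud code), the following Python script implements the evaluation this check performs and emits the CLI remediation above for each failing VPC. The JSON inputs are constructed to mirror the shape of the VPC API's DescribeVpcs and DescribeFlowLogs responses; the region, project, logstore and VPC identifiers are placeholders. It also shows the two cases that are easy to get wrong: a flow log that exists but is Inactive, and a flow log that is scoped to a VSwitch rather than the VPC.

```python
"""Offline evaluation of the vpc_flow_logs_enabled condition.

Added example: the sample JSON below is constructed to match the shape of the
VPC API's DescribeVpcs and DescribeFlowLogs responses; it is not real output.
"""
import json

# Constructed sample: DescribeVpcs response for one region.
DESCRIBE_VPCS = json.loads("""
{"Vpcs": {"Vpc": [
  {"VpcId": "vpc-aaa111", "VpcName": "prod"},
  {"VpcId": "vpc-bbb222", "VpcName": "staging"},
  {"VpcId": "vpc-ccc333", "VpcName": "sandbox"},
  {"VpcId": "vpc-ddd444", "VpcName": "legacy"}
]}}
""")

# Constructed sample: DescribeFlowLogs response for the same region.
# fl-1 covers prod; fl-2 exists but is Inactive; fl-3 is VSwitch-scoped and
# so does not cover the whole sandbox VPC; legacy has no flow log at all.
DESCRIBE_FLOW_LOGS = json.loads("""
{"FlowLogs": {"FlowLog": [
  {"FlowLogId": "fl-1", "ResourceType": "VPC", "ResourceId": "vpc-aaa111",
   "Status": "Active", "TrafficType": "All",
   "ProjectName": "sec-logs", "LogStoreName": "vpc-flow"},
  {"FlowLogId": "fl-2", "ResourceType": "VPC", "ResourceId": "vpc-bbb222",
   "Status": "Inactive", "TrafficType": "All",
   "ProjectName": "sec-logs", "LogStoreName": "vpc-flow"},
  {"FlowLogId": "fl-3", "ResourceType": "VSwitch", "ResourceId": "vsw-ccc333",
   "Status": "Active", "TrafficType": "Drop",
   "ProjectName": "sec-logs", "LogStoreName": "vpc-flow"}
]}}
""")


def active_vpc_flow_logs(flow_logs_response):
    """Return {VpcId: flow log} for flow logs that are VPC-scoped and Active.

    Only a VPC-scoped log covers every ENI in the VPC, including future ones;
    VSwitch- or ENI-scoped logs and Inactive logs do not satisfy the check.
    DescribeFlowLogs is paginated in production, so merge all pages before
    calling this, or VPCs whose logs sit on a later page are reported as FAIL.
    """
    covered = {}
    for fl in flow_logs_response["FlowLogs"]["FlowLog"]:
        if fl["ResourceType"] == "VPC" and fl["Status"] == "Active":
            covered[fl["ResourceId"]] = fl
    return covered


def evaluate(vpcs_response, flow_logs_response):
    """Produce one PASS/FAIL finding per VPC, in DescribeVpcs order."""
    covered = active_vpc_flow_logs(flow_logs_response)
    findings = []
    for vpc in vpcs_response["Vpcs"]["Vpc"]:
        vpc_id = vpc["VpcId"]
        fl = covered.get(vpc_id)
        if fl is None:
            reason = "no active VPC-scoped flow log"
            findings.append({"vpc_id": vpc_id, "status": "FAIL", "reason": reason})
        else:
            reason = "flow log %s (TrafficType=%s) -> %s/%s" % (
                fl["FlowLogId"], fl["TrafficType"],
                fl["ProjectName"], fl["LogStoreName"])
            findings.append({"vpc_id": vpc_id, "status": "PASS", "reason": reason})
    return findings


def remediation_command(vpc_id, region_id, project_name, log_store_name):
    """Build the CreateFlowLog CLI call for a failing VPC.

    TrafficType All records accepted and rejected traffic; the Log Service
    project and logstore are assumed to exist already.
    """
    return ("aliyun vpc CreateFlowLog --RegionId %s --ResourceType VPC "
            "--ResourceId %s --TrafficType All --FlowLogName %s "
            "--ProjectName %s --LogStoreName %s"
            % (region_id, vpc_id, "flowlog-" + vpc_id, project_name, log_store_name))


if __name__ == "__main__":
    for f in evaluate(DESCRIBE_VPCS, DESCRIBE_FLOW_LOGS):
        print("%-4s %-12s %s" % (f["status"], f["vpc_id"], f["reason"]))
        if f["status"] == "FAIL":
            # Placeholder region/project/logstore; substitute your own.
            print("     " + remediation_command(
                f["vpc_id"], "cn-hangzhou", "sec-logs", "vpc-flow"))
```

Running it reports prod as PASS and staging, sandbox and legacy as FAIL, each followed by the CreateFlowLog command that would bring it into compliance. To use it against a live account, replace the two constructed dictionaries with the merged, fully paginated output of DescribeVpcs and DescribeFlowLogs for the region being assessed.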
Source Code
Resource Type
ALIYUN::VPC::FlowLog