This is 1 of 2 blog posts on what you’ll need to do to set up FlowLog-Stats. This blog post outlines instructions for giving FlowLog-Stats read-only access to your AWS Flow Logs and should take less than 10 minutes. To learn how to enable Flow Logs on AWS, please read more here.
These steps apply whether or not you are going to use FlowLog-Stats.com. If you want to enable AWS Flow Logs and give read permission to any application, this is how you would set it up.
These instructions outline one of the easiest methods for creating a machine user and granting this user rights to read the Flow Logs so that FlowLog-Stats can pull the data and process it. By creating a user for only this purpose, you can audit this user and restrict its permissions. This step is optional: you can also just give FlowLog-Stats full access if you’d like. Rest assured that our code base doesn’t do anything but read from the Flow Logs.
Step One (Optional): Create a machine user
Go to Service -> IAM to create a new user. On the left-hand side, click on Users. Then, near the top middle, click on the Create New Users button.
Now enter a user name (for example, machine.flowlog-stats). Then click the Create button on the bottom right.
This brings you to the next screen. If you click Show User Security Credentials, you will see an Access Key ID and Secret Access Key string. Copy these down. This will be the last time you can get these keys, since this is confidential information that AWS does NOT save.
After you record the credentials, you can click on the close link at the bottom. This will bring you back to the users list screen so you can give this user permission.
Step Two: Granting Read Only Access
On the users list screen, click on the machine.flowlog-stats user to see its details.
Click on the Attach Policy button.
In the search filter, put in
Click the check box and then click the Attach Policy button on the bottom right.
You’re done! Now this user has READ ONLY access to your CloudWatch Logs and FlowLog-Stats can create your daily dashboard. If you haven’t enabled Flow Logs on AWS, please read more here.
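To audit what the machine user can actually do, you can check the policy document attached to it for anything beyond read-only CloudWatch Logs actions. The following is an added example, not FlowLog-Stats code; the function names, the list of read-only prefixes, and both sample policies are assumptions constructed for illustration.

```python
import json

# Assumption for this example: these CloudWatch Logs action prefixes count as read-only.
READ_ONLY_PREFIXES = ("logs:describe", "logs:get", "logs:list", "logs:filterlogevents")


def as_list(value):
    """IAM allows a single string or object wherever a list is accepted."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def non_read_only_grants(policy_json):
    """Return every Allow grant that reaches beyond read-only CloudWatch Logs actions."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions
            findings.append("NotAction:" + ",".join(as_list(stmt["NotAction"])))
        for action in as_list(stmt.get("Action")):
            # Action names are case-insensitive. A wildcard is accepted only when
            # it comes after a full read-only prefix, so "logs:*" and "*" are flagged.
            if not action.lower().startswith(READ_ONLY_PREFIXES):
                findings.append(action)
    return findings


# Constructed sample policies, not taken from AWS or from FlowLog-Stats.
READ_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:Describe*", "logs:Get*", "logs:FilterLogEvents"],
        "Resource": "*",
    }],
})
TOO_BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "logs:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["logs:GetLogEvents", "logs:DeleteLogGroup"], "Resource": "*"},
        {"Effect": "Deny", "Action": "logs:PutLogEvents", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    print("read-only policy:", non_read_only_grants(READ_ONLY_POLICY))
    print("too-broad policy:", non_read_only_grants(TOO_BROAD_POLICY))
```

An empty list means every allowed action falls under the read-only prefixes; anything returned is a grant to review before handing the access keys to an application.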