Updated on 2025-08-25 GMT+08:00

VPCs Have Enabled Flow Logs

Rule Details

Table 1 Rule details

| Parameter | Description |
| --- | --- |
| Rule Name | vpc-flow-logs-enabled |
| Identifier | VPCs Have Enabled Flow Logs |
| Description | If flow logging is not enabled for a VPC, this VPC is non-compliant. |
| Tag | vpc |
| Trigger Type | Configuration change |
| Filter Type | vpc.vpcs |
| Rule Parameters | None |

Application Scenarios

VPC flow logs help you collect traffic information about instances in a specified VPC, including inbound and outbound traffic. After creating a VPC flow log, you can view the flow log records in the configured log group. For details, see VPC Flow Log. Flow logs can help you:

  • Monitor the traffic of security groups and network ACLs, and refine the control rules of security groups and network ACLs.
  • Monitor the traffic of network instances and analyze network attacks.
  • Determine the direction of the traffic to and from network interfaces.

Rule Logic

  • If a VPC does not have flow logging enabled, this VPC is non-compliant.
  • If flow logging is enabled for a VPC, this VPC is compliant.
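
The rule logic above can be checked offline against an exported inventory. The following is an added example, not code from this page or from the service. The inventory is constructed, the result labels are this sketch's own, and treating a switched-off flow log or a subnet-level flow log as "not enabled for the VPC" is an assumption of the sketch.

```python
"""Added example: offline evaluation of the vpc-flow-logs-enabled rule logic."""

# Constructed sample inventory. Field names follow the shape of VPC flow log
# records (resource_type, resource_id, admin_state). Counting a switched-off
# or subnet-level flow log as "not enabled for the VPC" is an assumption of
# this sketch, not documented behaviour of the rule.
VPCS = [
    {"id": "vpc-prod", "name": "prod"},
    {"id": "vpc-dev", "name": "dev"},
    {"id": "vpc-lab", "name": "lab"},
    {"id": "vpc-dmz", "name": "dmz"},
]
FLOW_LOGS = [
    {"id": "fl-1", "resource_type": "vpc", "resource_id": "vpc-prod", "admin_state": True},
    {"id": "fl-2", "resource_type": "vpc", "resource_id": "vpc-dev", "admin_state": False},
    {"id": "fl-3", "resource_type": "network", "resource_id": "subnet-lab-a", "admin_state": True},
]


def evaluate(vpcs, flow_logs):
    """Return {vpc_id: (state, reason)} following the Rule Logic section."""
    enabled, disabled = set(), set()
    for fl in flow_logs:
        if fl.get("resource_type") != "vpc":
            continue  # subnet- or NIC-level logs do not cover the whole VPC
        (enabled if fl.get("admin_state") else disabled).add(fl["resource_id"])
    results = {}
    for vpc in vpcs:
        vid = vpc["id"]
        if vid in enabled:
            results[vid] = ("Compliant", "flow logging enabled")
        elif vid in disabled:
            results[vid] = ("NonCompliant", "flow log exists but is switched off")
        else:
            results[vid] = ("NonCompliant", "no VPC-level flow log")
    return results


def non_compliant(results):
    """Sorted list of VPC ids that need a flow log created or re-enabled."""
    return sorted(v for v, (state, _) in results.items() if state == "NonCompliant")


if __name__ == "__main__":
    for vid, (state, reason) in sorted(evaluate(VPCS, FLOW_LOGS).items()):
        print(f"{vid:10} {state:13} {reason}")
```

The reason string separates a VPC that never had a flow log from one whose flow log was switched off, which is the case worth reviewing first when a previously compliant VPC changes state.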