AWS Security ChangesHomeSearch

AWS code-library documentation change

Service: code-library · 2025-06-28 · Documentation low

File: code-library/latest/ug/ec2_example_ec2_CreateFlowLogs_section.md

Summary

Added PowerShell example for creating VPC flow logs to monitor REJECT traffic

Security assessment

Documents network traffic monitoring which is a security best practice, but doesn't address a specific vulnerability

Diff

diff --git a/code-library/latest/ug/ec2_example_ec2_CreateFlowLogs_section.md b/code-library/latest/ug/ec2_example_ec2_CreateFlowLogs_section.md
index fc35f8b53..ca3f13ed2 100644
--- a//code-library/latest/ug/ec2_example_ec2_CreateFlowLogs_section.md
+++ b//code-library/latest/ug/ec2_example_ec2_CreateFlowLogs_section.md
@@ -103,0 +104,21 @@ PowerShell
+**Tools for PowerShell V5**
+    
+
+**Example 1: This example creates EC2 flowlog for the subnet subnet-1d234567 to the cloud-watch-log named 'subnet1-log' for all 'REJECT' traffic using the perimssions of the 'Admin' role**
+    
+    
+    New-EC2FlowLog -ResourceId "subnet-1d234567" -LogDestinationType cloud-watch-logs -LogGroupName subnet1-log -TrafficType "REJECT" -ResourceType Subnet -DeliverLogsPermissionArn "arn:aws:iam::98765432109:role/Admin"
+    
+
+**Output:**
+    
+    
+    ClientToken                                  FlowLogIds             Unsuccessful
+    -----------                                  ----------             ------------
+    m1VN2cxP3iB4qo//VUKl5EU6cF7gQLOxcqNefvjeTGw= {fl-012fc34eed5678c9d} {}
+
+  * For API details, see [CreateFlowLogs](https://docs.aws.amazon.com/powershell/v5/reference) in _AWS Tools for PowerShell Cmdlet Reference (V5)_. 
+
+
+
+