AWS code-library documentation change
Summary
Added PowerShell example for creating VPC flow logs to monitor REJECT traffic
Security assessment
Documents network traffic monitoring which is a security best practice, but doesn't address a specific vulnerability
Diff
diff --git a/code-library/latest/ug/ec2_example_ec2_CreateFlowLogs_section.md b/code-library/latest/ug/ec2_example_ec2_CreateFlowLogs_section.md index fc35f8b53..ca3f13ed2 100644 --- a//code-library/latest/ug/ec2_example_ec2_CreateFlowLogs_section.md +++ b//code-library/latest/ug/ec2_example_ec2_CreateFlowLogs_section.md @@ -103,0 +104,21 @@ PowerShell +**Tools for PowerShell V5** + + +**Example 1: This example creates EC2 flowlog for the subnet subnet-1d234567 to the cloud-watch-log named 'subnet1-log' for all 'REJECT' traffic using the perimssions of the 'Admin' role** + + + New-EC2FlowLog -ResourceId "subnet-1d234567" -LogDestinationType cloud-watch-logs -LogGroupName subnet1-log -TrafficType "REJECT" -ResourceType Subnet -DeliverLogsPermissionArn "arn:aws:iam::98765432109:role/Admin" + + +**Output:** + + + ClientToken FlowLogIds Unsuccessful + ----------- ---------- ------------ + m1VN2cxP3iB4qo//VUKl5EU6cF7gQLOxcqNefvjeTGw= {fl-012fc34eed5678c9d} {} + + * For API details, see [CreateFlowLogs](https://docs.aws.amazon.com/powershell/v5/reference) in _AWS Tools for PowerShell Cmdlet Reference (V5)_. + + + +