AWS-018 Amazon Web Services (AWS)

VPC Flow Logs are enabled on all VPCs.

Domain: Amazon Web Services (AWS)
Area: Networking
Automated / manual: Automated

Risk if it fails

No network logs = blind to lateral movement/exfiltration.

Without network logs you cannot see an attacker moving between machines or copying data out — the digital equivalent of having no CCTV.

How Tess tests it

1 test — each concludes only on cited evidence.

VPC Flow Logs are enabled on all VPCs.

Automated
Procedure: Confirm flow logs exist for each VPC.

Read-only command

aws ec2 describe-flow-logs --query 'FlowLogs[].{Id:FlowLogId,Resource:ResourceId,Status:FlowLogStatus}'
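The command above lists the flow logs that exist; the procedure asks the inverse question, which VPCs have none. The following added example (not part of the page or the tool it describes) cross-checks a constructed `describe-vpcs` result against a constructed `describe-flow-logs` result in the shape of the page's `--query`, and also treats a subnet-level log as not satisfying a VPC-level control.

```python
"""Added example: find VPCs with no active VPC-level flow log.

In a real run the two JSON strings come from (read-only):
    aws ec2 describe-vpcs --query 'Vpcs[].VpcId'
    aws ec2 describe-flow-logs --query 'FlowLogs[].{Id:FlowLogId,Resource:ResourceId,Status:FlowLogStatus}'
The values below are constructed for offline use.
"""
import json

# Constructed sample: three VPCs in the account.
VPC_IDS_JSON = '["vpc-0a1b2c3d", "vpc-0e4f5a6b", "vpc-0c7d8e9f"]'

# Constructed sample flow-log records. Only vpc-0a1b2c3d is covered:
# vpc-0e4f5a6b has no flow log at all, and the third record is attached
# to a subnet, which does not make its parent VPC compliant.
FLOW_LOGS_JSON = """[
  {"Id": "fl-0001", "Resource": "vpc-0a1b2c3d", "Status": "ACTIVE"},
  {"Id": "fl-0003", "Resource": "subnet-0aaa1111", "Status": "ACTIVE"}
]"""


def vpcs_without_active_flow_logs(vpc_ids_json: str, flow_logs_json: str) -> list[str]:
    """Return VPC IDs that have no ACTIVE flow log attached at VPC level."""
    vpc_ids = json.loads(vpc_ids_json)
    flow_logs = json.loads(flow_logs_json)
    covered = {
        fl["Resource"]
        for fl in flow_logs
        if fl["Status"] == "ACTIVE" and fl["Resource"].startswith("vpc-")
    }
    return sorted(v for v in vpc_ids if v not in covered)


def main() -> None:
    missing = vpcs_without_active_flow_logs(VPC_IDS_JSON, FLOW_LOGS_JSON)
    if missing:
        print("FAIL AWS-018: VPCs without an active flow log:", ", ".join(missing))
    else:
        print("PASS AWS-018: every VPC has an active flow log")


if __name__ == "__main__":
    main()
```

FlowLogStatus only says the log is configured; the separate DeliverLogsStatus field (SUCCESS or FAILED) shows whether records are actually being delivered, so include it in the query if the evidence needs to show logs are landing.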
