-
Notifications
You must be signed in to change notification settings - Fork 25
AWS VPC Flow Logs
Ian edited this page Oct 11, 2021
·
10 revisions
This setup will send flow logs from AWS to New Relic.
It uses the ktranslate docker image as a Lambda function to do so.
Steps:
- Enable VPC logs into an S3 bucket. Follow these instructions.
Note: Ensure that if using a custom format, the version field is added.
- Create a private ECR registry and upload the kentik/ktranslate:v2arm64 image here. For example, assuming your account ID is
451031991406and you wish to operate in theus-east-1region:
docker pull kentik/ktranslate:v2arm64
docker tag kentik/ktranslate:v2arm64 451031991406.dkr.ecr.us-east-1.amazonaws.com/ktranslate:v2arm64
docker push 451031991406.dkr.ecr.us-east-1.amazonaws.com/ktranslate:v2arm64
Note: This image is an ARM based image, not x86. Use kentik/ktranslate:v2 if you prefer a x86 based image.
Further instructions are here.
- Create a Lambda function from the uploaded ECR image. You only need to set the following environmental variables:
| Variable Name | Value |
|---|---|
| AWS_IS_LAMBDA | TRUE |
| KENTIK_MODE | nr1.vpc.lambda |
| KENTIK_VPC | aws |
| NEW_RELIC_API_KEY | $NR_INSIGHTS_INSERT_KEY |
| NR_ACCOUNT_ID | $NR_ACCOUNT_ID |
-
Create a trigger so that the function runs on every PUT and POST of an object into your S3 bucket. Instructions are here.
-
Watch events come into New Relic into the KFlow table. A query to see this data is:
SELECT * FROM KFlow where provider = 'kentik-vpc' SINCE 30 MINUTES AGO