diff --git a/runbooks/source/analyze-vpc-flow-logs.html.md.erb b/runbooks/source/analyze-vpc-flow-logs.html.md.erb index 5e8fe529..9b170235 100644 --- a/runbooks/source/analyze-vpc-flow-logs.html.md.erb +++ b/runbooks/source/analyze-vpc-flow-logs.html.md.erb @@ -1,20 +1,20 @@ --- title: Analyze VPC Flow Logs weight: 219 -last_reviewed_on: 2023-12-14 +last_reviewed_on: 2024-06-17 review_in: 6 months --- # <%= current_page.data.title %> -Cloud Platform `live-1` VPC is connected to various other MoJ AWS accounts VPC using Transit Gateway. In order to debug network connectivity issues +Cloud Platform `live-1` VPC is connected to various MoJ AWS accounts VPCs using Transit Gateway. In order to debug network connectivity issues that are coming to/from Cloud Platform VPC, the VPC flow logs are enabled. These logs are stored in an S3 bucket and can be analyzed using Athena when needed. -The steps involve a pointy-clicky exercise to generate Athena integration by creating a CloudFormation stack using a template and use that as a datasource in Athena +The steps involve a pointy-clicky exercise to generate Athena integration by creating a CloudFormation stack using a template and use that as a datasource in Athena. Follow the steps as mentioned in the blog: [AWS blog - Analyze VPC Flow Logs with point-and-click Amazon Athena integration](https://aws.amazon.com/blogs/networking-and-content-delivery/analyze-vpc-flow-logs-with-point-and-click-amazon-athena-integration/). Things to note: - When creating a CloudFormation template, use the `Partition: Daily` option. This will create a partition for each day and will make it easier to query the logs for a specific day. - Provide Partition start date and end date closer when the issue was observed. The duration is limited to 20 days -- Create two s3 buckets one for CloudFormation template and and another one to store the Athena query results which you will provide when creating the CloudFormation stack. +- Create two s3 buckets: one for CloudFormation template and another to store the Athena query results which you will provide when creating the CloudFormation stack. - When the flow logs are downloaded and the user has investigated the issue, delete the created s3 buckets for CloudFormation template and Athena query results and the CloudFormation stack.