How to submit the challenge
In this lab challenge, your Amazon VPC and VPC Flow Logs skills are put to the test. You will be given a requirement and must reach it using your knowledge of AWS VPC and the other AWS services involved in working with VPC Flow Logs and CloudWatch Logs. The lab challenge helps you understand real-world scenarios.
Create a CloudWatch Log Group. Once traffic is generated by the EC2 instance and the flow log records are delivered, they will be visible here.
Create a VPC and subnets. For this lab, you will not use the default VPC present in the account; instead you will create a custom VPC and a subnet inside it.
Create an Internet Gateway and attach it to the custom VPC. The Internet Gateway provides Internet access only after a route to it is added to the route table.
Add a 0.0.0.0/0 route to the default route table of the custom VPC. By completing this step, EC2 instances launched in this VPC can reach the Internet. Make sure to enable Auto-assign public IP, either in the subnet settings or while configuring the EC2 instance.
Create an IAM role with the new policy mentioned in the Resources section below. Then update the trust policy by changing the service name to vpc-flow-logs.
Create VPC Flow Logs with CloudWatch Logs as the destination, select the newly created IAM role, and set the maximum aggregation interval to 1 minute; otherwise you may have to wait up to 10 minutes for records to appear in CloudWatch Logs.
Launch an EC2 instance with Amazon Linux 2 as the AMI, t2.micro as the instance type, and the newly created VPC as the network; enable Auto-assign public IP and create an RSA key pair, which is required for SSH.
SSH into the EC2 instance using the key pair and run some sample commands to generate traffic.
View the flow log records generated by the EC2 instance in the CloudWatch Logs group.
Click on Validate to complete the challenge.
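Once records appear in the log group, the next question is what to look for in them. The parser below is an added example (not part of the lab or an AWS tool): it reads records in the default version 2 flow log format and tallies rejected inbound connection attempts against the instance by destination port, which is the usual first check for unsolicited scanning reaching a public subnet. The instance address 10.0.1.10, the ENI id and the account id are constructed sample values.

```python
from collections import Counter

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample records, not real traffic. 10.0.1.10 stands in for the
# lab instance; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 44321 22 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 51234 3389 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 51235 23 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 93.184.216.34 39000 443 6 12 1500 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1418530010 1418530070 - NODATA
"""


def parse_record(line):
    """Parse one default-format record into a dict, or None if it does not fit."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None  # custom-format or truncated line: skip rather than guess
    rec = dict(zip(FIELDS, parts))
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = None if rec[key] == "-" else int(rec[key])
    return rec


def rejected_ports(log_text, instance_ip):
    """Count REJECTed flows destined to instance_ip, keyed by destination port."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records carry no traffic fields
        if rec["action"] == "REJECT" and rec["dstaddr"] == instance_ip:
            hits[rec["dstport"]] += 1
    return hits


def accepted_bytes(log_text, instance_ip):
    """Return (bytes sent, bytes received) by instance_ip on ACCEPTed flows."""
    sent = received = 0
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["log_status"] != "OK" or rec["action"] != "ACCEPT":
            continue
        if rec["srcaddr"] == instance_ip:
            sent += rec["bytes"]
        elif rec["dstaddr"] == instance_ip:
            received += rec["bytes"]
    return sent, received
```

Each rejected port with a single 40-byte packet is the signature of a connection attempt dropped by the security group or network ACL, so a growing tally for ports you never opened is worth a CloudWatch metric filter on `REJECT`.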