Configure Flow Logs from Amazon S3

Configure S3 flow logs for your AWS account.
Prisma Cloud ingests the VPC flow logs from Amazon S3 buckets stored in a logging account and makes them available for network policy alerting and visualization. While onboarding your AWS account, you also need to onboard the logging account that owns the S3 bucket storing the VPC flow logs for the monitored account.
  1. Onboard your AWS account.
  2. Onboard the logging account and its buckets to fetch flow logs from S3.
    1. Select Advanced Settings to configure flow logs from S3.
    2. Configure
    3. To Configure Logging Account, enter an Account Name, Account ID, and Role Name. By default, the role name is , which you can customize.
    4. All the configured Logging Accounts are displayed. Select the Logging Account that contains the S3 bucket to which the VPC flow logs are sent for the respective monitored account, or add a new Logging Account as described in Step 3 above.
    5. To Configure Buckets, enter a Bucket Name and the Bucket Region that you configured as the flow log destination in the AWS Logging Account VPC console. The Bucket Path Prefix and Key ARN are optional: if you use a specific path prefix for flow logs (Bucket Path Prefix) or have configured bucket encryption (Key ARN), enter those values.
    6. You can add multiple buckets used for logging.
    7. Follow the steps displayed on Logging Account Template, enter the Role ARN, and validate. You can proceed further only if the validation is successful and the validation status shows green. The CFT template is deployed on the Logging Account through your AWS Management Console.
    8. In Configure S3 Flowlogs, select all the applicable Logging Buckets that Prisma Cloud can access and ingest flow logs from.
       When creating S3 flow logs on the AWS console, make sure to partition your flow logs Every 24 hours (Default). Prisma Cloud does not support the Every hour (60 mins) option.
    9. After selecting the Logging Buckets, validate to make sure Prisma Cloud has all the basic required permissions and access. If all the required permissions are present, the validation status shows green.
    10. Save. Irrespective of the validation status, you can click Save to save these settings.
  3. If you previously configured CloudWatch and want to fetch flow logs from S3 for an already onboarded AWS account, go to Cloud Accounts, click the edit icon for that AWS account, select S3 from the Flow Logs dropdown, click through, and continue from Step 2.2 above.
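Before entering bucket details in Configure Buckets, it helps to confirm on the AWS side that each flow log is actually delivered to S3, lands in the bucket and path prefix you are about to configure, and is not partitioned hourly. The following checker is an added example, not Prisma Cloud's own tooling: it reads the JSON that `aws ec2 describe-flow-logs` prints (the field names `LogDestinationType`, `LogDestination` and `DestinationOptions.PerHourPartition` are from that output; the sample document, bucket name and prefix below are constructed for this example).

```python
"""Audit VPC flow log definitions for S3 ingestion readiness.

Reads the JSON output of `aws ec2 describe-flow-logs` (pipe it in, or paste
it into SAMPLE_DESCRIBE_FLOW_LOGS) and flags entries that are not delivered
to S3, do not land in a configured Logging Bucket / path prefix, or use
per-hour partitioning, which the onboarding flow above does not support.
Added example; not part of Prisma Cloud.
"""
import json
import sys

# Constructed sample shaped like `aws ec2 describe-flow-logs` output.
# IDs, bucket and prefix are placeholders, not real resources.
SAMPLE_DESCRIBE_FLOW_LOGS = json.dumps({
    "FlowLogs": [
        {   # Good: S3 destination, expected prefix, 24-hour partitioning.
            "FlowLogId": "fl-0example0001",
            "ResourceId": "vpc-0example0001",
            "LogDestinationType": "s3",
            "LogDestination": "arn:aws:s3:::example-flowlog-bucket/vpc-flow-logs/",
            "DestinationOptions": {
                "FileFormat": "plain-text",
                "HiveCompatiblePartitions": False,
                "PerHourPartition": False,
            },
        },
        {   # Wrong prefix (bucket root) and hourly partitions enabled.
            "FlowLogId": "fl-0example0002",
            "ResourceId": "vpc-0example0002",
            "LogDestinationType": "s3",
            "LogDestination": "arn:aws:s3:::example-flowlog-bucket",
            "DestinationOptions": {
                "FileFormat": "plain-text",
                "HiveCompatiblePartitions": False,
                "PerHourPartition": True,
            },
        },
        {   # Still going to CloudWatch Logs, so S3 onboarding will not see it.
            "FlowLogId": "fl-0example0003",
            "ResourceId": "vpc-0example0003",
            "LogDestinationType": "cloud-watch-logs",
            "LogDestination": "arn:aws:logs:us-east-1:111111111111:log-group:vpc-flow",
        },
    ]
})

# What you plan to enter under Configure Buckets: bucket name -> Bucket Path Prefix.
# Assumed values for this example.
CONFIGURED_BUCKETS = {"example-flowlog-bucket": "vpc-flow-logs"}


def parse_s3_destination(arn):
    """Split an S3 destination ARN (arn:aws:s3:::bucket/prefix/) into (bucket, prefix)."""
    marker = "arn:aws:s3:::"
    if not arn.startswith(marker):
        raise ValueError("not an S3 ARN: " + arn)
    bucket, _, path = arn[len(marker):].partition("/")
    return bucket, path.strip("/")


def check_flow_log(flow_log, configured_buckets):
    """Return a list of findings for one flow log; an empty list means it looks ingestible."""
    findings = []
    dest_type = flow_log.get("LogDestinationType")
    if dest_type != "s3":
        findings.append("destination is %s, not S3" % dest_type)
        return findings  # remaining checks only apply to S3 destinations
    bucket, path = parse_s3_destination(flow_log["LogDestination"])
    if bucket not in configured_buckets:
        findings.append("bucket %s is not in the configured Logging Buckets" % bucket)
    elif configured_buckets[bucket] != path:
        findings.append("path prefix %r does not match configured prefix %r"
                        % (path, configured_buckets[bucket]))
    # PerHourPartition=true is the "Every hour (60 mins)" console option.
    if flow_log.get("DestinationOptions", {}).get("PerHourPartition", False):
        findings.append("PerHourPartition is enabled; use Every 24 hours (Default)")
    return findings


def audit_flow_logs(describe_output_json, configured_buckets):
    """Map each FlowLogId in a describe-flow-logs document to its findings."""
    data = json.loads(describe_output_json)
    return {fl["FlowLogId"]: check_flow_log(fl, configured_buckets)
            for fl in data.get("FlowLogs", [])}


if __name__ == "__main__":
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE_FLOW_LOGS
    for flow_log_id, findings in audit_flow_logs(raw, CONFIGURED_BUCKETS).items():
        print(flow_log_id, "OK" if not findings else "; ".join(findings))
```

Run it as `aws ec2 describe-flow-logs | python3 audit_flow_logs.py` in the monitored account, after editing `CONFIGURED_BUCKETS` to match what you enter in Configure Buckets; any flow log that prints a finding will either not be visible to the logging account bucket or will be partitioned in a layout the onboarding does not accept.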
