Configure Flow Logs from Amazon S3

Configure S3 flow logs for your AWS account.
Prisma Cloud ingests the VPC flow logs from Amazon S3 buckets stored in a logging account and makes them available for network policy alerting and visualization. While onboarding your AWS account, you also need to onboard the logging account that owns the S3 bucket storing the VPC flow logs for the monitored account.
To configure the flow logs during AWS account onboarding:
  1. Onboard your AWS account.
  2. Onboard the logging account and buckets to fetch flow logs from S3. Use Advanced Settings to configure flow logs from S3.
    1. Under Advanced Settings, select S3.
    2. Click Configure.
    3. Under Configure Logging Account, enter an Account Name, Account ID, and Role Name. By default, the role name is prisma-cloud-logging-role, which you can customize.
    4. All the configured Logging Accounts are displayed. Select the Logging Account that contains the S3 bucket to which the VPC flow logs for the respective monitored account are sent, or Add a new Logging Account as described in Step 3 above.
    5. Under Configure Buckets, enter the Bucket Name and the Bucket Region that you configured as the flow log destination in the VPC console of the AWS logging account. The Bucket Path Prefix and Key ARN are optional: enter them if you use a specific path prefix for flow logs or have configured bucket encryption with a KMS key.
    6. You can Add or Remove multiple buckets used for logging.
    7. Follow the steps displayed on Logging Account Template, enter the Role ARN, and click Validate. You can proceed only if the validation is successful and you see a green Validated checkmark. The CFT template is deployed on the Logging Account through your AWS Management Console.
    8. In Configure S3 Flowlogs, select all the applicable Logging Buckets that Prisma Cloud can access and ingest flow logs from.
    9. After selecting the Logging Buckets, click Validate to make sure Prisma Cloud has all the basic required permissions and access. If all the required permissions are present, you will see a green Validated checkmark.
    10. Click Save. Irrespective of the validation status, you can click Save to save these settings.
  3. If you previously configured CloudWatch and want to fetch flow logs from S3 for an already onboarded AWS account, go to Settings > Cloud Accounts, click the edit icon for that AWS account, select S3 from the Flow Logs dropdown, click Configure, and continue from Step 2.2 above.
