Prisma Cloud ingests the VPC flow logs from Amazon S3 buckets stored in a logging account and makes them available for network policy alerting and visualization. While onboarding your AWS account, you need to onboard the logging account that has the S3 bucket storing the VPC flow logs for the monitored account.
To configure the flow logs during AWS account onboarding:
Onboard the logging account and buckets to fetch flow logs from S3. Use
to configure flow logs from
Configure Logging Account
. By default, the role name is
which you can customize.
All the configured Logging Accounts are displayed. You can select the Logging Account that contains the S3 bucket to which the VPC flow logs are being sent for the respective monitored account. Or you can
a new Logging Account as described in Step 3 above.
you have configured as the destination for flow logs on the AWS Logging Account VPC Console. The
Bucket Path Prefix
and Key ARN are optional. If you have a specific path prefix (Bucket Path) for the flow logs and have configured bucket encryption (Key ARN), enter those values.
used for logging.
Follow the steps displayed on
Logging Account Template
You can proceed further only if the validation is successful and you see a green
The CFT template is deployed on the Logging Account through your AWS Management Console.
Configure S3 Flowlogs
, select all the applicable
that Prisma Cloud can access and ingest flow logs from. After selecting the Logging Buckets, make sure Prisma Cloud has all the basic required permissions and access.
If all the required permissions are present, you will see
. Irrespective of the validation status, you can click
to save these settings.
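As an added example (not Prisma Cloud's code and not from this page), the following Python derives the three values the bucket step asks for, the bucket name, the Bucket Path Prefix and the Key ARN, from the output of `aws ec2 describe-flow-logs` and `aws s3api get-bucket-encryption`; the sample outputs are constructed and the function names are assumptions. It also separates flow logs that still go to CloudWatch Logs, which is the situation the last paragraph addresses, and flags a bucket key that is a key ID or alias rather than the full ARN the form expects.

```python
import json
import re
from typing import Dict, Optional, Tuple

# Constructed sample of `aws ec2 describe-flow-logs` output (not real data): one S3 flow log, one CloudWatch Logs flow log.
SAMPLE_FLOW_LOGS = json.loads("""
{"FlowLogs": [
  {"FlowLogId": "fl-0a1b2c3d4e5f60001", "ResourceId": "vpc-0123456789abcdef0",
   "LogDestinationType": "s3",
   "LogDestination": "arn:aws:s3:::example-logging-bucket/vpc-flow-logs/"},
  {"FlowLogId": "fl-0a1b2c3d4e5f60002", "ResourceId": "vpc-0fedcba9876543210",
   "LogDestinationType": "cloud-watch-logs",
   "LogDestination": "arn:aws:logs:us-east-1:111122223333:log-group:vpc-flow-logs"}
]}
""")
# Constructed sample of `aws s3api get-bucket-encryption` output for that bucket.
SAMPLE_ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
     "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"}}]}}
S3_ARN = re.compile(r"^arn:aws:s3:::([^/]+)/?(.*)$")

def split_s3_destination(arn: str) -> Tuple[str, str]:
    """Split a flow-log S3 destination ARN into (bucket name, path prefix)."""
    m = S3_ARN.match(arn)
    if not m:
        raise ValueError(f"not an S3 bucket ARN: {arn}")
    return m.group(1), m.group(2)

def default_kms_key(encryption: dict) -> Optional[str]:
    """Return the bucket's default SSE-KMS key (ARN, key ID or alias), or None."""
    for rule in encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", []):
        by_default = rule.get("ApplyServerSideEncryptionByDefault", {})
        if by_default.get("SSEAlgorithm") == "aws:kms":
            return by_default.get("KMSMasterKeyID")
    return None

def prisma_s3_settings(flow_logs: dict, encryption_by_bucket: Dict[str, dict]) -> dict:
    """Derive Bucket Name, Bucket Path Prefix and Key ARN for each S3-bound flow log;
    list the others (e.g. CloudWatch Logs) and flag a KMS value that is not a full ARN."""
    s3, other = [], []
    for fl in flow_logs["FlowLogs"]:
        if fl.get("LogDestinationType") != "s3":
            other.append(fl["FlowLogId"])
            continue
        bucket, prefix = split_s3_destination(fl["LogDestination"])
        key = default_kms_key(encryption_by_bucket.get(bucket, {}))
        s3.append({"flow_log_id": fl["FlowLogId"], "vpc": fl["ResourceId"],
                   "bucket": bucket, "path_prefix": prefix, "key_arn": key,
                   "key_is_arn": key is None or key.startswith("arn:aws:kms:")})
    return {"s3": s3, "not_s3": other}
```

Run it against the real CLI output by piping `aws ec2 describe-flow-logs` and `aws s3api get-bucket-encryption --bucket <name>` into `json.load` in place of the constructed samples.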
If you’ve previously configured CloudWatch and want to fetch flow logs from S3 for an already onboarded AWS account, go
, click the edit icon corresponding to that AWS account, select