Use CreateFlowLogs with an Amazon SDK or CLI - Amazon Elastic Compute Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Use CreateFlowLogs with an Amazon SDK or CLI

The following code examples show how to use CreateFlowLogs.

CLI
Amazon CLI

Example 1: To create a flow log

The following create-flow-logs example creates a flow log that captures all rejected traffic for the specified network interface. The flow logs are delivered to a log group in CloudWatch Logs using the permissions in the specified IAM role.

aws ec2 create-flow-logs \
    --resource-type NetworkInterface \
    --resource-ids eni-11223344556677889 \
    --traffic-type REJECT \
    --log-group-name my-flow-logs \
    --deliver-logs-permission-arn arn:aws:iam::123456789101:role/publishFlowLogs

Output:

{
    "ClientToken": "so0eNA2uSHUNlHI0S2cJ305GuIX1CezaRdGtexample",
    "FlowLogIds": [
        "fl-12345678901234567"
    ],
    "Unsuccessful": []
}

For more information, see VPC Flow Logs in the Amazon VPC User Guide.

Example 2: To create a flow log with a custom format

The following create-flow-logs example creates a flow log that captures all traffic for the specified VPC and delivers the flow logs to an Amazon S3 bucket. The --log-format parameter specifies a custom format for the flow log records. To run this command on Windows, change the single quotes (') to double quotes (").

aws ec2 create-flow-logs \
    --resource-type VPC \
    --resource-ids vpc-00112233344556677 \
    --traffic-type ALL \
    --log-destination-type s3 \
    --log-destination arn:aws:s3:::flow-log-bucket/my-custom-flow-logs/ \
    --log-format '${version} ${vpc-id} ${subnet-id} ${instance-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr}'

For more information, see VPC Flow Logs in the Amazon VPC User Guide.

Example 3: To create a flow log with a one-minute maximum aggregation interval

The following create-flow-logs example creates a flow log that captures all traffic for the specified VPC and delivers the flow logs to an Amazon S3 bucket. The --max-aggregation-interval parameter specifies a maximum aggregation interval of 60 seconds (1 minute).

aws ec2 create-flow-logs \
    --resource-type VPC \
    --resource-ids vpc-00112233344556677 \
    --traffic-type ALL \
    --log-destination-type s3 \
    --log-destination arn:aws:s3:::flow-log-bucket/my-custom-flow-logs/ \
    --max-aggregation-interval 60

For more information, see VPC Flow Logs in the Amazon VPC User Guide.

  • For API details, see CreateFlowLogs in Amazon CLI Command Reference.

PowerShell
Tools for PowerShell

Example 1: This example creates EC2 flowlog for the subnet subnet-1d234567 to the cloud-watch-log named 'subnet1-log' for all 'REJECT' traffic using the perimssions of the 'Admin' role

New-EC2FlowLog -ResourceId "subnet-1d234567" -LogDestinationType cloud-watch-logs -LogGroupName subnet1-log -TrafficType "REJECT" -ResourceType Subnet -DeliverLogsPermissionArn "arn:aws:iam::98765432109:role/Admin"

Output:

ClientToken                                  FlowLogIds             Unsuccessful
-----------                                  ----------             ------------
m1VN2cxP3iB4qo//VUKl5EU6cF7gQLOxcqNefvjeTGw= {fl-012fc34eed5678c9d} {}

  • For API details, see CreateFlowLogs in Amazon Tools for PowerShell Cmdlet Reference.

For a complete list of Amazon SDK developer guides and code examples, see Create Amazon EC2 resources using an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.