Step 1: Send Log Data from Amazon VPC to Amazon CloudWatch - Amazon Kinesis Data Firehose
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 1: Send Log Data from Amazon VPC to Amazon CloudWatch

In the first part of this Kinesis Data Firehose tutorial, you create an Amazon CloudWatch log group to receive your Amazon VPC flow logs. Then, you create flow logs for your Amazon VPC and send them to the CloudWatch log group that you created.

To create a CloudWatch log group to receive your Amazon VPC flow logs

  1. Sign in to the Amazon Web Services Management Console and open the CloudWatch console at https://console.amazonaws.cn/cloudwatch/.

  2. In the navigation pane, choose Log groups.

  3. Choose Actions, and then choose Create log group.

  4. Enter the name VPCtoSplunkLogGroup, and choose Create log group.

To create a VPC flow log

  1. Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.

  2. In the navigation pane, choose Your VPCs. Then choose your VPC from the list by selecting the check box next to it.

    Screenshot of the VPC dashboard showing the actions menu and where to check the box to select your VPC.

  3. Choose Actions, and then choose Create flow log.

  4. In the Filter* list, choose All.

  5. Keep the destination set to Send to CloudWatch Logs.

  6. For Destination log group*, choose VPCtoSplunkLogGroup, which is the log group that you created in the previous procedure.

  7. To set up an IAM role, choose Set Up Permissions.

    Screenshot showing the Set Up Permissions link.

  8. In the new window that appears, keep IAM Role set to Create a new IAM Role. In the Role Name box, enter VPCtoSplunkWritetoCWRole. Then choose Allow.

    Screenshot showing creating the role named VPCtoSplunkWritetoCWRole.

  9. Return to the Create flow log browser tab, and refresh the IAM role* box. Then choose VPCtoSplunkWritetoCWRole in the list.

  10. Choose Create, and then choose Close.

  11. Back on the Amazon VPC dashboard, choose Your VPCs in the navigation pane. Then select the check box next to your VPC.

  12. Scroll down and choose the Flow Logs tab, and look for the flow log that you created in the preceding steps. Ensure that its status is Active. If it is not, review the previous steps.

Proceed to Step 2: Create a Kinesis Data Firehose Delivery Stream with Splunk as a Destination.