---
names:
  full: AWS VPC Flow Logs are not enabled
  contextual: Flow Logs are not enabled
description: "VPC Flow Logs is a feature that enables you to capture information about\
  \ the IP traffic going to and from network interfaces in your VPC. After you've\
  \ created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.\
  \ It is recommended that VPC Flow Logs be enabled for packet 'Rejects' for VPCs."
type: COMPLIANCE_POLICY
categories:
  - "SECURITY"
  - "RELIABILITY"
frameworkMappings:
  - "/frameworks/cis-aws-v6.0.0/04/07"
  - "/frameworks/cloudaware/logging-and-monitoring/logging-and-monitoring-configuration"
  - "/frameworks/aws-fsbp-v1.0.0/ec2/06"
similarPolicies:
  awsSecurityHub:
    - name: "[EC2.6] VPC flow logging should be enabled in all VPCs"
      url: "https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-6"
  cloudConformity:
    - url: https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/VPC/vpc-flow-logs-enabled.html
      name: VPC Flow Logs Enabled
  internal:
    - dec-x-9c041667