GCP-VPCNetwork-Flow-Logs-Enabled

Severity: High

Description: This control ensures that VPC Flow Logs are enabled for every subnet in the VPC network. Flow Logs is a feature that lets you capture information about the IP traffic going to and from network interfaces in your VPC subnets. After you have created a flow log, you can view and retrieve its data in Stackdriver Logging. It is recommended that Flow Logs be enabled for every business-critical VPC subnet.

Remediation Steps:

Perform the following to enable flow logs for a subnet:

  1. Sign in to GCP Console https://console.cloud.google.com.

  2. Go to the VPC network list in the GCP Console by visiting the networking list.

  3. Click on the subnet name; the Subnet details page is displayed.

  4. Click on the EDIT button.

  5. Set Flow Logs to On.

  6. Click on Save.
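The console steps above fix one subnet at a time; to audit every subnet in a project for this control, the check below (an added example, not part of this page or of Blue Hexagon's tooling) reads the JSON produced by `gcloud compute networks subnets list --format=json` and reports subnets whose flow logs are off, together with the matching `gcloud ... update --enable-flow-logs` remediation. It assumes each subnet resource carries a `logConfig.enable` boolean (with the older `enableFlowLogs` flag as a fallback); the sample data embedded here is constructed.

```python
import json
from typing import Any, Dict, List

# Constructed sample of `gcloud compute networks subnets list --format=json` output.
# Assumed shape: `logConfig.enable` is authoritative; `enableFlowLogs` is a legacy flag.
SAMPLE_SUBNETS_JSON = """
[
  {"name": "prod-web", "region": "regions/us-central1", "network": "networks/prod",
   "logConfig": {"enable": true, "aggregationInterval": "INTERVAL_5_SEC", "flowSampling": 0.5}},
  {"name": "prod-db", "region": "regions/us-central1", "network": "networks/prod",
   "logConfig": {"enable": false}},
  {"name": "legacy", "region": "regions/europe-west1", "network": "networks/legacy",
   "enableFlowLogs": true},
  {"name": "scratch", "region": "regions/europe-west1", "network": "networks/legacy"}
]
"""


def flow_logs_enabled(subnet: Dict[str, Any]) -> bool:
    """True if flow logs are on; logConfig wins over the legacy enableFlowLogs flag."""
    log_config = subnet.get("logConfig") or {}
    if "enable" in log_config:
        return bool(log_config["enable"])
    return bool(subnet.get("enableFlowLogs", False))


def find_noncompliant(subnets_json: str) -> List[Dict[str, str]]:
    """Return one finding per subnet with flow logs off, including a remediation command."""
    findings = []
    for subnet in json.loads(subnets_json):
        if flow_logs_enabled(subnet):
            continue
        # Region/network are returned as resource paths; keep only the short name.
        region = subnet.get("region", "").rsplit("/", 1)[-1]
        findings.append({
            "subnet": subnet["name"],
            "region": region,
            "network": subnet.get("network", "").rsplit("/", 1)[-1],
            "remediation": (f"gcloud compute networks subnets update {subnet['name']} "
                            f"--region {region} --enable-flow-logs"),
        })
    return findings


if __name__ == "__main__":
    for f in find_noncompliant(SAMPLE_SUBNETS_JSON):
        print(f"[High] {f['network']}/{f['subnet']} ({f['region']}): "
              f"VPC Flow Logs off -> {f['remediation']}")
```

Run it against live output by piping `gcloud compute networks subnets list --format=json` into `find_noncompliant` instead of the constructed sample.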

Important:

By default, Flow Logs is set to Off when you create a new VPC network subnet.

Reference:


Blue Hexagon Proprietary