This recommendation builds upon the Foundation benchmark recommendation: “Ensure VPC Flow Logging is Enabled in all Applicable Regions”
VPC Flow Logs is a feature that lets you capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs (or to Amazon S3; the metric filter this recommendation describes requires the CloudWatch Logs destination, since metric filters only operate on log groups). VPC flow logs can capture accepted traffic, rejected traffic, or all traffic.
Metric filters define how CloudWatch Logs extracts metric observations from ingested log events and turns them into data points in a CloudWatch metric. Metric filters are assigned to log groups, and every filter assigned to a log group is applied to all of that group's log streams.
A metric filter should be created that counts the VPC flow log records whose action field is REJECT, that is, traffic that the security groups or network ACLs did not permit. Each flow log record summarises one flow over a capture window, so the resulting metric counts rejected flow records rather than individual packets.
Using the AWS unified command line interface (AWS CLI):
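The CLI commands themselves are not present on this page, so the following is an added example, not the benchmark's own text. It creates the REJECT metric filter and an alarm on the resulting metric with the AWS CLI, and first sanity-checks the same predicate offline against a few constructed flow log records in the default (version 2) format. The log group name, SNS topic ARN, filter, metric and alarm names, namespace and alarm threshold are all placeholders; the filter pattern follows the CIS convention of naming every default-format field and matching on `action="REJECT"`.

```shell
#!/usr/bin/env bash
# Added example (not from the benchmark page): create the VPC flow log
# REJECT metric filter and alarm, and check the predicate offline first.
set -eu

# Default VPC flow log format (version 2) has fourteen space-separated
# fields. The pattern names every field and matches on action="REJECT".
reject_filter_pattern() {
  printf '%s' '[version, account, eni, source, destination, srcport, destport, protocol, packets, bytes, windowstart, windowend, action="REJECT", flowlogstatus]'
}

# Offline equivalent of the filter: count records (not packets; each record
# summarises one flow over its capture window) whose 13th field, the action,
# is REJECT. Records are read from stdin; NODATA/SKIPDATA rows carry "-"
# in the action field and are therefore not counted.
count_rejected_records() {
  awk 'NF == 14 && $13 == "REJECT" { n++ } END { print n + 0 }'
}

# Constructed sample records in the default format (not real traffic):
# one accepted HTTPS flow, two rejected inbound flows (SSH, RDP), one NODATA row.
sample_flow_log_records() {
  cat <<'EOF'
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.5 10.0.2.7 49152 443 6 12 2940 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.1.5 54321 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.1.5 54322 3389 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
EOF
}

# Create the metric filter on the flow log group and an alarm on the metric.
# Needs the AWS CLI and permissions for logs:PutMetricFilter and
# cloudwatch:PutMetricAlarm. Arguments: log group name, SNS topic ARN.
# All names, the namespace and the threshold below are placeholders.
create_reject_filter_and_alarm() {
  local log_group="$1" sns_topic_arn="$2"
  local metric_name="VpcFlowLogRejectCount" namespace="CISBenchmark"

  aws logs put-metric-filter \
    --log-group-name "$log_group" \
    --filter-name "VpcFlowLogRejectFilter" \
    --filter-pattern "$(reject_filter_pattern)" \
    --metric-transformations \
      metricName="$metric_name",metricNamespace="$namespace",metricValue=1

  aws cloudwatch put-metric-alarm \
    --alarm-name "VpcFlowLogRejectAlarm" \
    --metric-name "$metric_name" \
    --namespace "$namespace" \
    --statistic Sum \
    --period 300 \
    --threshold 1 \
    --comparison-operator GreaterThanOrEqualToThreshold \
    --evaluation-periods 1 \
    --alarm-actions "$sns_topic_arn"
}

# Usage: ./vpc_reject_filter.sh <flow-log-group-name> <sns-topic-arn>
# With no arguments the script only defines the functions above.
if [ "$#" -eq 2 ]; then
  create_reject_filter_and_alarm "$1" "$2"
fi
```

Run `sample_flow_log_records | count_rejected_records` to see the predicate return 2 for the constructed input before touching the account. A threshold of 1 rejected flow per five minutes is deliberately low and will be noisy on any internet-facing interface; tune the threshold and period to the environment rather than copying the placeholder.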