AWS VPC Flow Logs

Last Updated: Oct. 03, 2023

Forward your VPC Flow Logs straight to Coralogix using our automatic configuration. To make log collection a breeze, use our app in the AWS Serverless Application Repository.


  • Ready-made S3 bucket that is clear of any Lambda triggers
  • AWS permissions to create Lambdas and IAM roles

Automatic Configuration

The following instructions demonstrate how to forward your VPC Flow Logs directly to Coralogix using our automatic configuration. Once the deployment is complete, every new gzipped log file placed in the Lambda will be sent to Coralogix.

STEP 1. Set up delivery of your VPC Flow Logs to an S3 bucket.

STEP 2. Navigate to the application page and fill in the required parameters.

STEP 3. Check the checkbox: I acknowledge that this app creates custom IAM roles and resource policies.

STEP 4. Click Deploy.

Parameters and Descriptions

  • Application Name: Stack name of the application created via AWS CloudFormation. If your log is in JSON format, use its dynamic value. Example: $.level1.level2.value
  • NotificationEmail: Failure notification email address
  • S3BucketName: Name of the S3 bucket to watch
  • ApplicationName: Application name as it appears in your Coralogix UI
  • BlockingPattern: If you wish to block some of the logs, adding a substring will act as a selector. Default is empty to send all logs.
  • BufferSize: Buffer size for logs in the Lambda function
  • CoralogixRegion: Region associated with your Coralogix account domain
  • CustomDomain: Coralogix custom domain. Leave empty if you do not use a custom domain.
  • Debug: Coralogix logger debug mode
  • FunctionArchitecture: Function supports x86_64 or arm64
  • FunctionMemorySize: Max memory for the function itself
  • FunctionTimeout: Maximum time in seconds the function may be allowed to run
  • NewlinePattern: Pattern for splitting lines. MultiLine Example: [\s(?={)|(?<=})\s,\s(?={)|(?<=})\s]
  • ApiKey: Your Coralogix Send-Your-Data API key. If you have created a secret in AWS Secrets Manager, use the secret that contains your Coralogix Send-Your-Data API key.
  • LayerARN: If using AWS Secrets Manager, this is the ARN of the Coralogix Lambda layer. If not, leave empty.
  • CreateSecret: If you have created a secret in AWS Secrets Manager containing your Coralogix Send-Your-Data API key, set to False.
  • SamplingRate: Sets the sampling rate. The rate is set to 1 by default, meaning that it collects every log message from the S3 bucket. Increase it to change the sampling rate (for example, increase it to 2 to ship 1 of every 2 logs).
  • SubsystemName: Subsystem name as it appears in your Coralogix UI. If your log is in JSON format, you can use its dynamic value. Example: $.level1.level2.value
  • S3KeyPrefix: S3 path prefix to watch
  • S3KeySuffix: S3 path suffix to watch
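
To preview what BlockingPattern and SamplingRate would ship from a gzipped flow log file, here is an added example (not Coralogix's Lambda code). It assumes a line containing the substring is dropped and the first line of each group of SamplingRate lines is kept; the function names and the sample records are constructed for illustration.

```python
import gzip

# Field order of the default VPC Flow Logs format (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def preview(gz_bytes, blocking_pattern="", sampling_rate=1):
    """Return the flow-log lines left after blocking and sampling.

    Assumed semantics, read from the parameter descriptions: a line that
    contains blocking_pattern is dropped, then 1 of every sampling_rate
    remaining lines is kept (assumption: the first of each group).
    """
    lines = gzip.decompress(gz_bytes).decode().splitlines()
    # Skip blank lines and the header row that S3 delivery writes first.
    lines = [ln for ln in lines if ln and not ln.startswith("version ")]
    if blocking_pattern:
        lines = [ln for ln in lines if blocking_pattern not in ln]
    return lines[::sampling_rate]

def rejects(lines):
    """Parse kept lines and return the REJECT records as dicts."""
    records = [dict(zip(FIELDS, ln.split())) for ln in lines]
    return [r for r in records if r["action"] == "REJECT"]

# Constructed sample file (documentation address ranges, fake account id).
SAMPLE = gzip.compress("\n".join([
    "version account-id interface-id srcaddr dstaddr srcport dstport "
    "protocol packets bytes start end action log-status",
    "2 123456789012 eni-0aaa 10.0.1.5 198.51.100.7 44322 443 6 10 8400 1696320000 1696320060 ACCEPT OK",
    "2 123456789012 eni-0aaa 203.0.113.9 10.0.1.5 51515 22 6 3 180 1696320000 1696320060 REJECT OK",
    "2 123456789012 eni-0aaa 10.0.1.5 198.51.100.7 44323 443 6 12 9100 1696320060 1696320120 ACCEPT OK",
    "2 123456789012 eni-0aaa 203.0.113.9 10.0.1.5 51516 3389 6 2 120 1696320060 1696320120 REJECT OK",
    "2 123456789012 eni-0bbb 10.0.2.8 10.0.1.5 40000 5432 6 20 44300 1696320060 1696320120 ACCEPT OK",
]).encode())

if __name__ == "__main__":
    cases = [("all", {}),
             ("block '443'", {"blocking_pattern": "443"}),
             ("rate 2", {"sampling_rate": 2})]
    for label, kwargs in cases:
        kept = preview(SAMPLE, **kwargs)
        print(f"{label}: {len(kept)} lines kept, {len(rejects(kept))} REJECT")
```

With the constructed sample, blocking "443" also drops the port 5432 flow because its byte count is 44300, and a rate of 2 keeps none of the REJECT records, so check both settings against the detections that rely on these logs.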


Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].