Our next-gen architecture is built to help you make sense of your ever-growing data Watch a 4-min demo video!

Back to All Integrations

AWS VPC Flow Logs AWS VPC Flow Logs

Last Updated: May. 23, 2023

Forward your VPC flow Logs straight to Coralogix using our automatic configuration. To make the log collection a breeze, use our app in the AWS Serverless Application Repository.


  • Ready-made S3 bucket that is clear of any Lambda triggers
  • AWS permissions to create Lambdas and IAM roles

Automatic Configuration

The following instructions demonstrate how to forward your VPC flow logs direcly to Coralogix using our automatic configuration. Once the deployment is complete, every new gzipped log file placed in the Lambda will be sent to Coralogix.

STEP 1. Setup delivery of your VPC Flow Logs to S3 bucket.

STEP 2. Navigate to the application page and fill in the required parameters.

STEP 3. Check the checkbox: I acknowledge that this app creates custom IAM roles and resource policies.

STEP 4. Click Deploy.

Parameters and Descriptions

Application NameStack name of the application created via AWS CloudFormation.
If your log is JSON format, use its dynamic value.
Example: $.level1.level2.value
NotificationEmailFailure notification email address
S3BucketNameName of the S3 bucket to watch
ApplicationNameApplication name as it appears in your Coralogix UI
BlockingPatternIf you wish to block some of the logs adding a substring will act as selector.
Default is empty to send all logs.
BufferSizeBuffer size for logs in the lambda function
CoralogixRegionRegion [Europe, Europe2, India, Singapore, or US] associated with your Coralogix account domain
CustomDomainCoralogix custom domain. Leave empty if you do not use a custom domain.
DebugCoralogix logger debug mode
FunctionArchitectureFunction supports x86_64 or arm64
FunctionMemorySizeMax memory for the function itself
FunctionTimeoutMaximum time in seconds the function may be allowed to run
NewlinePatternPattern for lines splitting.
MultiLine Example: [\s(?={)|(?<=})\s,\s(?={)|(?<=})\s]
PrivateKeyYour Coralogix ‘Send Your Data’ API Key
SsmEnabledTrue if you want to store your coralogix private_key as a secret and False if you do not
LayerARNYour Coralogix SSM Layer ARN
SamplingRateSets the sampling rate
SubsystemNameSubsystem name as it appears in your Coralogix UI. If your log is in JSON format, you can use its dynamic value.
Example: $.level1.level2.value
S3KeyPrefixS3 path prefix to watch
S3KeySuffixS3 path suffix to watch


Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].

On this page