Skip to main content
All CollectionsTemplatesIntermediate
Remediate AWS VPC Created without Flow Logs with Orca - Workflow Template
Remediate AWS VPC Created without Flow Logs with Orca - Workflow Template

Receive an alert on an AWS VPC created without Flow Logs. Reach out to the owner, suggest remediation and define Flow Logs in AWS.

Updated over 6 months ago

This Torq workflow template addresses the critical business need of ensuring AWS Virtual Private Cloud (VPC) security by automating the remediation process for VPCs created without Flow Logs. The workflow initiates upon identifying such a VPC, proceeds to locate the VPC owner via Slack, and suggests enabling Flow Logs. If approved by the owner, the workflow automatically configures the necessary Flow Logs within AWS and re-scans the VPC. Rejection by the owner leads to the collection of a reason and the initiation of follow-up actions within Jira for further investigation and remediation planning.

Take Me to the Template

Trigger

Orca

Use Cases

CSPM

Workflow Breakdown

  1. Retrieve VPC details and tags, including owner

  2. Search for the owner in Slack

  3. Reach out to the owner, notify about the issue, suggest remediation

  4. If the owner approves, define VPC Flow Logs in AWS, rescan the VPC

  5. If the owner rejects, collect a reason and open follow-up Jira tickets

Vendors

AWS, Slack, Utils, Orca, Jira Cloud

Workflow Output

Success / Failure, Jira Tickets

Tips

Ensure proper permissions within AWS to communicate with create-flow-logs CLI endpoint

Related Articles
Enable AWS S3 Bucket Versioning on Orca Alert - Workflow Template
Handle AWS Security Group with Open SSH Access on Orca Alert - Workflow Template
Enable Encryption on AWS S3 Bucket on Alert from Orca - Workflow Template
Handle Orca Alert for IAM Role with Admin Permissions - Workflow Template
Handle AWS S3 Bucket Should Enforce HTTPS Alert from Orca - Workflow Template
Did this answer your question?