By DeepSource

VPC Flow Logs is disabled for every subnet in a VPC Network TF-S2026


Flow Logs capture information about IP traffic going to and from network interfaces. This information can detect abnormal traffic and insight into security workflows. You can view and retrieve flow log data in Stackdriver Logging.

VPC networks and subnetworks provide logically isolated and secure network partitions to launch Google Cloud Platform (GCP) resources. When Flow Logs are enabled for a subnet, VMs within that subnet report on all TCP and UDP flows. Each VM samples the inbound and outbound TCP and UDP flows it sees, whether the flow is to or from another VM, a host in the on-premises datacenter, a Google service, or a host on the Internet. If two GCP VMs are communicating and both are in subnets with VPC Flow Logs enabled, both VMs report the flows.

We recommended you set Flow Logs to On to capture this data. Because the volume of logs may be high, you may wish to enable flow logs only for business-critical VPC Network Subnets.


resource "google_compute_subnetwork" "recommended" {
  name          = "flow-log-subnetwork"
  ip_cidr_range = ""
  region        = "uk-central1"
  network       = google_compute_network.test.id

  log_config {
    aggregation_interval = "INTERVAL_10_MIN"
    flow_sampling        = 1.0
    metadata             = "INCLUDE_ALL_METADATA"