Use The Stax API to Enable VPC CloudWatch Logs

If you've created a VPC using Stax Networks, you can enable CloudWatch Logs for your VPC Flow Logs using the Stax API.

Article Tags
On This Page
Before You BeginEnable CloudWatch Logs for VPC Flow LogsSee also

The Python SDK is the easiest way to get started with the Stax API. The Networking components of the SDK and API allow enabling of the CloudWatch Logs component of VPCs.

Before You Begin

Enable CloudWatch Logs for VPC Flow Logs

Two Python scripts will be used, the first to retrieve a list of VPCs and their corresponding IDs, and the second to enable CloudWatch Logs for the VPC Flow Logs of a given VPC ID.

get-vpcs.py

get-vpcs.py below will return a list of all Networking Hubs and the VPCs within them. Beside each VPC is its unique ID within Stax.

import os
from staxapp.config import Config
from staxapp.openapi import StaxClient

Config.access_key = os.getenv("STAX_ACCESS_KEY")
Config.secret_key = os.getenv("STAX_SECRET_KEY")

networksClient = StaxClient("networking")

hubs = networksClient.ReadHubs()['Hubs']
vpcs = networksClient.ReadVpcs()['Vpcs']

for hub in hubs:
  print(f'|\n|-- Hub: {hub["Name"]} ({hub["Region"]}, ID: {hub["Id"]})')
  for vpc in vpcs:
    if vpc['NetworkingHubId'] == hub['Id']:
      print(f'|    |-- {vpc["Name"]} (ID: {vpc["Id"]})')

Invoke the script with your own API access key and secret key as follows:

$ STAX_ACCESS_KEY=myaccesskey \
STAX_SECRET_KEY=mysecretkey \
python get-vpcs.py

A response similar to the below will be returned:

|
|-- Hub: prod-apse2 (ap-southeast-2, ID: 8c0a3d8f-432a-4d7a-a277-4afd69be7d54)
|    |-- apse2-website-prod (4c975bcd-fd09-4095-bad2-78eec379da44)
|    |-- stax-prod-apse2-transit-vpc (bca299a8-855b-452e-8364-2cd1eba30ba9)
|    |-- apse2-shared-prod (dc7ea159-3677-4c48-b05d-317b29db3cd5)

enable-vpc-cwl.py

enable-vpc-cwl.py below will enable CloudWatch Logs for the VPC flow logs of a given VPC ID. This is the Stax ID of the VPC (a UUID), not the AWS identifier for the VPC.

import json
import os
from dotenv import load_dotenv
from staxapp.config import Config
from staxapp.openapi import StaxClient

load_dotenv()

Config.access_key = os.getenv("STAX_ACCESS_KEY")
Config.secret_key = os.getenv("STAX_SECRET_KEY")

networksClient = StaxClient("networking")

vpc_id = os.getenv("VPC_ID")

body = {
  "CreateCloudwatchVpcFlowlogs": True
}

response = networksClient.UpdateVpc(vpc_id=vpc_id, **body)

print(json.dumps(response,indent=2))

Invoke the script with your own API access key and secret key, as well as a VPC ID as follows:

$ STAX_ACCESS_KEY=myaccesskey \
STAX_SECRET_KEY=mysecretkey \
VPC_ID=dc7ea159-3677-4c48-b05d-317b29db3cd5 \
python enable-vpc-cwl.py

A response similar to the below will be returned:

{
  "DetailType": "stax.networking.vpc",
  "Detail": {
    "Message": {
      "TaskId": "7e138167-fd8a-4206-b6f6-c71fc6ae9909",
      "CustomerId": "3e0cc83a-6829-4621-ab1b-e0b93ae6b0ef",
      "TraceId": "Root=1-5f8e5fb6-3154a3e52dfcdbcd6057d596"
    },
    "TraceId": "Root=1-5f8e5fb6-3154a3e52dfcdbcd6057d596",
    "Operation": "networking:UpdateVpc",
    "OperationStatus": "STARTED",
    "Severity": "info"
  }
}

Make a note of the TaskId returned by the output. You can then monitor the task status to ensure the operation completes successfully.

For more examples of using the Stax Python SDK, see the examples.

See also