Demo VPC Flow Logs and CloudTrail logs

Create a CloudWatch Logs Log group

• Name: Demo-Log-Group

Configure CloudTrail to send to CloudWatch Logs

1. Create a new CloudTrail trail, note that there's no way to specify the CloudWatch Logs Log group from that initial creation screen.

2. Edit the CloudTrail trail to assign it to a CloudWatch Logs Log group. An IAM Role will be created automatically.