More
AWS Foundational Security Best Practice
VPC flow logging should be enabled in all VPCs
This control checks whether Amazon Virtual Private Cloud flow logs are found and enabled for Amazon VPCs. The traffic type is set to 'Reject'.