Real-time Anomaly Detection in VPC Flow Logs (in AWS)
Credit goes to Igor Kantor (https://medium.com/@devfire) who wrote the original post (5 parts) on Medium:
The goal of this GitHub Gist is to support anyone who wants to implement the described architecture and get it running on AWS. This means you should use both the Medium post and this GitHub Gist for the implementation (since I will not repeat all the text here).
On my AWS account I used a prefix (medium_) for all services, to easily find them amongst all the other running services/instances/functions/roles etc. (just as a suggestion). It will make cleaning up your AWS account easier later on.