In order to verify whether a flow log is working, and to get practice with the flow log, we are going to create an EC2 machine for the subnet login in SSH, and we will analyze the traffic for that SSH login.
We won't cover the full process of creating an EC2 machine here because it is a basic task. If you are at this point in the book, you should already know how to do it. What I suggest is to use a t2.micro that is a free-tier eligible type. Also, it is very important to create the machine in the subnet where you just activated the flow log, and to allow the SSH to have access from your location.
After a short period of time, you can go into the CloudWatch service, click on the Logs option, and select the log group, ...