aws::flow-log¶

Creates a flow log for VPCs, Subnets or Network Interfaces.

Example¶

aws::flow-log example-flow-log
    log-destination: "arn:aws:s3:::example-bucket-flow-logs/"
    destination-type: "s3"
    log-format: '${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}'
    max-aggregation-interval: 60
    vpc: $(aws::vpc vpc-example-flow-log)
    traffic-type: "all"

    tags: {
        "example-tag": "example-value"
    }
end

Attributes¶

Attribute	Description
role	The IAM role that permits Amazon EC2 to publish flow logs when `destination-type` is set to `cloud-watch-logs`.
log-destination	The destination to which flow log data should be published. (Required)
destination-type	The type of destination to which flow log data should be published. Valid values are `cloud-watch-logs` or `s3`. (Required)
log-format	The fields to include in the flow log record when `destination-type` is set to `s3`.
max-aggregation-interval	The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid values are `60.0` or ``600.0`.
vpc	The vpc for which the flow log should be created. Cannot be set if any of `subnet` or `network-interface` is set.
subnet	The subnet for which the flow log should be created. Cannot be set if any of `vpc` or `network-interface` is set.
network-interface	The network interface for which the flow log should be created. Cannot be set if any of `subnet` or `vpc` is set.
traffic-type	The type of traffic to log. Valid values are `ACCEPT`, `REJECT` or `ALL`. (Required)

Outputs¶

Attribute	Description
id	The ID of the flow log.