aws::flow-log

Creates a flow log for VPCs, Subnets or Network Interfaces.

Example

aws::flow-log example-flow-log
    log-destination: "arn:aws:s3:::example-bucket-flow-logs/"
    destination-type: "s3"
    log-format: '${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}'
    max-aggregation-interval: 60
    vpc: $(aws::vpc vpc-example-flow-log)
    traffic-type: "all"

    tags: {
        "example-tag": "example-value"
    }
end
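As an added example (not part of the Gyro documentation), the following Python parses records written with the log-format shown above and counts REJECT records per source address. The sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# log-format string copied from the example-flow-log resource above
LOG_FORMAT = ('${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} '
              '${srcport} ${dstport} ${protocol} ${packets} ${bytes} '
              '${start} ${end} ${action} ${log-status}')
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample (documentation address ranges): header row, traffic, and a NODATA record
SAMPLE = [
    "version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status",
    "2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.5 44321 22 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.5 44322 3389 6 1 60 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.9 10.0.1.5 51000 443 6 12 4200 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA",
    "2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.4 10.0.1.5 40000 23 6 1 40 1700000060 1700000120 REJECT OK",
]

def field_names(log_format):
    """Return the field names in the order the format string lists them."""
    return re.findall(r"\$\{([a-z0-9-]+)\}", log_format)

def parse_record(line, fields):
    """Parse one space-separated record; None for a header row or a wrong field count."""
    values = line.split()
    if len(values) != len(fields) or values[0] == fields[0]:
        return None
    record = {}
    for name, value in zip(fields, values):
        if value == "-":  # NODATA / SKIPDATA records carry "-" placeholders
            record[name] = None
        elif name in INT_FIELDS and value.isdigit():
            record[name] = int(value)
        else:
            record[name] = value
    return record

def rejected_by_source(lines, log_format=LOG_FORMAT):
    """Count REJECT records per source address."""
    fields = field_names(log_format)
    counts = Counter()
    for line in lines:
        rec = parse_record(line, fields)
        if rec and rec.get("action") == "REJECT":
            counts[rec["srcaddr"]] += 1
    return counts
```

Because the field order is read from the format string, changing log-format on the resource only requires passing the new string to `rejected_by_source`.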

Attributes

Attribute Description
role The IAM role that permits Amazon EC2 to publish flow logs when destination-type is set to cloud-watch-logs.
log-destination The destination to which flow log data should be published. (Required)
destination-type The type of destination to which flow log data should be published. Valid values are cloud-watch-logs or s3. (Required)
log-format The fields to include in the flow log record when destination-type is set to s3.
max-aggregation-interval The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid values are 60.0 or 600.0.
vpc The VPC for which the flow log should be created. Cannot be set if either subnet or network-interface is set.
subnet The subnet for which the flow log should be created. Cannot be set if either vpc or network-interface is set.
network-interface The network interface for which the flow log should be created. Cannot be set if either subnet or vpc is set.
traffic-type The type of traffic to log. Valid values are ACCEPT, REJECT or ALL. (Required)

Outputs

Attribute Description
id The ID of the flow log.