Component: vpc-flow-logs-bucket

This component is responsible for provisioning an encrypted S3 bucket which is configured to receive VPC Flow Logs.

Usage

Stack Level: Regional

Here's an example snippet for how to use this component.

IMPORTANT: This component expects the aws_flow_log resource to be created externally. Typically that is accomplished through the vpc component.

components:
  terraform:
    vpc-flow-logs-bucket:
      vars:
        name: "vpc-flow-logs"
        noncurrent_version_expiration_days: 180
        noncurrent_version_transition_days: 30
        standard_transition_days: 60
        glacier_transition_days: 180
        expiration_days: 365
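
The externally created aws_flow_log resource that the IMPORTANT note refers to could be pointed at this bucket as sketched below. This is an added example, not code from this component or from the vpc component; the variable names and the resource label "example" are assumptions, and the bucket ARN is assumed to be passed in from this component's vpc_flow_logs_bucket_arn output.

```hcl
# Added example. All variable names and the resource label are assumptions.

variable "vpc_id" {
  type        = string
  description = "ID of the VPC whose traffic is logged (assumed input)"
}

variable "vpc_flow_logs_bucket_arn" {
  type        = string
  description = "Value of the vpc_flow_logs_bucket_arn output of vpc-flow-logs-bucket (assumed to be passed in)"
}

variable "traffic_type" {
  type        = string
  default     = "ALL"
  description = "The type of traffic to capture"

  # Reject anything outside the values this page lists for traffic_type,
  # so a typo cannot reach the provider at apply time.
  validation {
    condition     = contains(["ACCEPT", "REJECT", "ALL"], var.traffic_type)
    error_message = "The traffic_type value must be one of ACCEPT, REJECT, ALL."
  }
}

resource "aws_flow_log" "example" {
  vpc_id       = var.vpc_id
  traffic_type = var.traffic_type

  # Deliver to S3 rather than CloudWatch Logs. With an S3 destination,
  # delivery is authorized by the bucket policy, so no IAM role is set here.
  log_destination_type = "s3"
  log_destination      = var.vpc_flow_logs_bucket_arn
}
```

Leaving traffic_type at "ALL" keeps rejected connections in the log, which is usually what an investigation needs first.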

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.0 |
| aws | >= 3.0 |
| local | >= 1.3 |
| template | >= 2.2 |

Providers

No providers.

Modules

| Name | Source | Version |
|------|--------|---------|
| flow_logs_s3_bucket | cloudposse/vpc-flow-logs-s3-bucket/aws | 0.12.0 |
| iam_roles | ../account-map/modules/iam-roles | n/a |
| this | cloudposse/label/null | 0.24.1 |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| additional_tag_map | Additional tags for appending to tags_as_list_of_maps. Not added to tags. | map(string) | {} | no |
| arn_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions | string | "arn:aws" | no |
| attributes | Additional attributes (e.g. 1) | list(string) | [] | no |
| context | Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. | any | { "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_key_case": null, "label_order": [], "label_value_case": null, "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} } | no |
| delimiter | Delimiter to be used between namespace, environment, stage, name and attributes. Defaults to - (hyphen). Set to "" to use no delimiter at all. | string | null | no |
| enabled | Set to false to prevent the module from creating any resources | bool | null | no |
| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | string | null | no |
| expiration_days | Number of days after which to expunge the objects | number | 90 | no |
| force_destroy | A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable | bool | false | no |
| glacier_transition_days | Number of days after which to move the data to the glacier storage tier | number | 60 | no |
| id_length_limit | Limit id to this many characters (minimum 6). Set to 0 for unlimited length. Set to null for default, which is 0. Does not affect id_full. | number | null | no |
| import_profile_name | AWS Profile to use when importing a resource | string | null | no |
| label_key_case | The letter case of label keys (tag names) (i.e. name, namespace, environment, stage, attributes) to use in tags. Possible values: lower, title, upper. Default value: title. | string | null | no |
| label_order | The naming order of the id output and Name tag. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 5 elements, but at least one must be present. | list(string) | null | no |
| label_value_case | The letter case of output label values (also used in tags and id). Possible values: lower, title, upper and none (no transformation). Default value: lower. | string | null | no |
| lifecycle_prefix | Prefix filter. Used to manage object lifecycle events | string | "" | no |
| lifecycle_rule_enabled | Enable lifecycle events on this bucket | bool | true | no |
| lifecycle_tags | Tags filter. Used to manage object lifecycle events | map(string) | {} | no |
| name | Solution name, e.g. 'app' or 'jenkins' | string | null | no |
| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string | null | no |
| noncurrent_version_expiration_days | Specifies when noncurrent object versions expire | number | 90 | no |
| noncurrent_version_transition_days | Specifies when noncurrent object versions transition | number | 30 | no |
| regex_replace_chars | Regex to replace chars with empty string in namespace, environment, stage and name. If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits. | string | null | no |
| region | AWS Region | string | n/a | yes |
| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | null | no |
| standard_transition_days | Number of days to persist in the standard storage tier before moving to the infrequent access tier | number | 30 | no |
| tags | Additional tags (e.g. map('BusinessUnit','XYZ')) | map(string) | {} | no |
| traffic_type | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL | string | "ALL" | no |

Outputs

| Name | Description |
|------|-------------|
| vpc_flow_logs_bucket_arn | VPC Flow Logs bucket ARN |
| vpc_flow_logs_bucket_id | VPC Flow Logs bucket ID |

References