Module: cloudwatch-flow-logs
Terraform module for enabling flow logs for VPC and subnets.
Usage
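module "flow_logs" {
  # Pin ?ref= to a release tag or commit SHA rather than master so the module code cannot change between runs.
  source    = "git::https://github.com/cloudposse/terraform-aws-cloudwatch-flow-logs.git?ref=master"
  vpc_id    = "${var.vpc_id}"
  namespace = "${var.namespace}"
  stage     = "${var.stage}"
}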
Requirements
No requirements.
Providers
Name | Version |
---|---|
aws | n/a |
Modules
Name | Source | Version |
---|---|---|
kinesis_label | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.1 |
log_group_label | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.1 |
subnet_label | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.1 |
subscription_filter_label | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.1 |
vpc_label | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.3.1 |
Resources
Name | Type |
---|---|
aws_cloudwatch_log_group.default | resource |
aws_cloudwatch_log_subscription_filter.default | resource |
aws_flow_log.eni | resource |
aws_flow_log.subnets | resource |
aws_flow_log.vpc | resource |
aws_iam_role.kinesis | resource |
aws_iam_role.log | resource |
aws_iam_role_policy.kinesis | resource |
aws_iam_role_policy.log | resource |
aws_kinesis_stream.default | resource |
aws_iam_policy_document.kinesis | data source |
aws_iam_policy_document.kinesis_assume | data source |
aws_iam_policy_document.log | data source |
aws_iam_policy_document.log_assume | data source |
aws_region.default | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
attributes | Additional attributes (e.g. policy or role) | list(string) | [] | no |
delimiter | Delimiter to be used between name, namespace, stage, etc. | string | "-" | no |
enabled | Set to false to prevent the module from creating anything | string | "true" | no |
encryption_type | Encryption type to use. The only acceptable values are NONE or KMS | string | "NONE" | no |
eni_ids | IDs of ENIs | list(string) | [] | no |
filter_pattern | Valid CloudWatch Logs filter pattern for subscribing to a filtered stream of log events | string | "[version, account, eni, source, destination, srcport, destport, protocol, packets, bytes, windowstart, windowend, action, flowlogstatus]" | no |
kms_key_id | ID of KMS key | string | "" | no |
name | Name (e.g. bastion or db) | string | "" | no |
namespace | Namespace (e.g. cp or cloudposse) | string | n/a | yes |
region | AWS region | string | "" | no |
retention_in_days | Number of days you want to retain log events in the log group | string | "30" | no |
retention_period | Length of time data records are accessible after they are added to the stream | string | "48" | no |
shard_count | Number of shards that the stream will use | string | "1" | no |
shard_level_metrics | List of shard-level CloudWatch metrics which can be enabled for the stream | list | | no |
stage | Stage (e.g. prod, dev, staging) | string | n/a | yes |
subnet_ids | IDs of subnets | list(string) | [] | no |
tags | Additional tags (e.g. map(BusinessUnit,XYZ)) | map(string) | {} | no |
traffic_type | Type of traffic to capture. Valid values: ACCEPT, REJECT, ALL | string | "ALL" | no |
vpc_id | ID of VPC | any | n/a | yes |
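The default filter_pattern names the 14 space-delimited fields of each flow log record, and a CloudWatch Logs subscription delivers matching events to Kinesis as gzip-compressed JSON. The following is an added example, not part of this module: a consumer that decodes one such record body and counts REJECT flows per source address; the function names and the sample payload are constructed for illustration.

```python
import gzip
import json
from collections import Counter

# Field names from the module's default filter_pattern, in record order.
FIELDS = ["version", "account", "eni", "source", "destination", "srcport",
          "destport", "protocol", "packets", "bytes", "windowstart",
          "windowend", "action", "flowlogstatus"]
INT_FIELDS = ("srcport", "destport", "protocol", "packets", "bytes",
              "windowstart", "windowend")

def parse_flow_record(message):
    """Split one space-delimited flow log line into a dict, or None if malformed."""
    parts = message.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    for name in INT_FIELDS:
        # NODATA / SKIPDATA records carry "-" in place of traffic values.
        rec[name] = int(rec[name]) if rec[name].isdigit() else None
    return rec

def decode_subscription_payload(data):
    """Decode one Kinesis record body written by a CloudWatch Logs subscription."""
    payload = json.loads(gzip.decompress(data))
    if payload.get("messageType") != "DATA_MESSAGE":
        return []  # CONTROL_MESSAGE records only test that delivery works
    parsed = (parse_flow_record(e["message"]) for e in payload["logEvents"])
    return [r for r in parsed if r is not None]

def rejected_by_source(records):
    """Count REJECT flows per source address, most frequent first."""
    return Counter(r["source"] for r in records if r["action"] == "REJECT").most_common()

# Constructed sample: documentation-range addresses, placeholder account and ENI ids.
SAMPLE_LINES = [
    "2 123456789012 eni-0example 203.0.113.7 10.0.0.5 40000 22 6 3 180 1600000000 1600000060 REJECT OK",
    "2 123456789012 eni-0example 203.0.113.7 10.0.0.5 40001 3389 6 1 60 1600000000 1600000060 REJECT OK",
    "2 123456789012 eni-0example 198.51.100.9 10.0.0.5 51000 443 6 10 5200 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0example 198.51.100.20 10.0.0.5 51001 23 6 1 40 1600000000 1600000060 REJECT OK",
    "2 123456789012 eni-0example - - - - - - - 1600000000 1600000060 - NODATA",
    "truncated line",
]
SAMPLE = gzip.compress(json.dumps({
    "messageType": "DATA_MESSAGE",
    "logEvents": [{"id": str(i), "timestamp": 0, "message": m}
                  for i, m in enumerate(SAMPLE_LINES)],
}).encode())
```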
Outputs
Name | Description |
---|---|
eni_flow_ids | Flow Log IDs of ENIs |
kinesis_arn | Kinesis Stream ARN |
kinesis_id | Kinesis Stream ID |
kinesis_name | Kinesis Stream name |
kinesis_shard_count | Kinesis Stream Shard count |
log_group_arn | ARN of the log group |
subnet_flow_ids | Flow Log IDs of subnets |
vpc_flow_id | VPC Flow Log ID |