AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.97.0 published on Wednesday, Feb 21, 2024 by Pulumi

aws-native.ec2.FlowLog

    Specifies a VPC flow log, which enables you to capture IP traffic for a specific network interface, subnet, or VPC.

    Create FlowLog Resource

    TypeScript

    new FlowLog(name: string, args: FlowLogArgs, opts?: CustomResourceOptions);

    Python

    @overload
    def FlowLog(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                deliver_cross_account_role: Optional[str] = None,
                deliver_logs_permission_arn: Optional[str] = None,
                destination_options: Optional[DestinationOptionsPropertiesArgs] = None,
                log_destination: Optional[str] = None,
                log_destination_type: Optional[FlowLogLogDestinationType] = None,
                log_format: Optional[str] = None,
                log_group_name: Optional[str] = None,
                max_aggregation_interval: Optional[int] = None,
                resource_id: Optional[str] = None,
                resource_type: Optional[FlowLogResourceType] = None,
                tags: Optional[Sequence[FlowLogTagArgs]] = None,
                traffic_type: Optional[FlowLogTrafficType] = None)
    @overload
    def FlowLog(resource_name: str,
                args: FlowLogArgs,
                opts: Optional[ResourceOptions] = None)

    Go

    func NewFlowLog(ctx *Context, name string, args FlowLogArgs, opts ...ResourceOption) (*FlowLog, error)

    C#

    public FlowLog(string name, FlowLogArgs args, CustomResourceOptions? opts = null)

    Java

    public FlowLog(String name, FlowLogArgs args)
    public FlowLog(String name, FlowLogArgs args, CustomResourceOptions options)

    YAML

    type: aws-native:ec2:FlowLog
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    TypeScript

    name string
    The unique name of the resource.
    args FlowLogArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Python

    resource_name str
    The unique name of the resource.
    args FlowLogArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.

    Go

    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FlowLogArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.

    C#

    name string
    The unique name of the resource.
    args FlowLogArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Java

    name String
    The unique name of the resource.
    args FlowLogArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    FlowLog Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The FlowLog resource accepts the following input properties:

    C#

    ResourceId string
    The ID of the subnet, network interface, or VPC for which you want to create a flow log.
    ResourceType Pulumi.AwsNative.Ec2.FlowLogResourceType
    The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
    DeliverCrossAccountRole string
    The ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    DeliverLogsPermissionArn string
    The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    DestinationOptions Pulumi.AwsNative.Ec2.Inputs.DestinationOptionsProperties
    LogDestination string
    Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
    LogDestinationType Pulumi.AwsNative.Ec2.FlowLogLogDestinationType
    Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
    LogFormat string
    The fields to include in the flow log record, in the order in which they should appear.
    LogGroupName string
    The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    MaxAggregationInterval int
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
    Tags List<Pulumi.AwsNative.Ec2.Inputs.FlowLogTag>
    The tags to apply to the flow logs.
    TrafficType Pulumi.AwsNative.Ec2.FlowLogTrafficType
    The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.

    Go

    ResourceId string
    The ID of the subnet, network interface, or VPC for which you want to create a flow log.
    ResourceType FlowLogResourceType
    The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
    DeliverCrossAccountRole string
    The ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    DeliverLogsPermissionArn string
    The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    DestinationOptions DestinationOptionsPropertiesArgs
    LogDestination string
    Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
    LogDestinationType FlowLogLogDestinationType
    Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
    LogFormat string
    The fields to include in the flow log record, in the order in which they should appear.
    LogGroupName string
    The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    MaxAggregationInterval int
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
    Tags []FlowLogTagArgs
    The tags to apply to the flow logs.
    TrafficType FlowLogTrafficType
    The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.

    Java

    resourceId String
    The ID of the subnet, network interface, or VPC for which you want to create a flow log.
    resourceType FlowLogResourceType
    The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
    deliverCrossAccountRole String
    The ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    deliverLogsPermissionArn String
    The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    destinationOptions DestinationOptionsProperties
    logDestination String
    Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
    logDestinationType FlowLogLogDestinationType
    Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
    logFormat String
    The fields to include in the flow log record, in the order in which they should appear.
    logGroupName String
    The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    maxAggregationInterval Integer
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
    tags List<FlowLogTag>
    The tags to apply to the flow logs.
    trafficType FlowLogTrafficType
    The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.

    TypeScript

    resourceId string
    The ID of the subnet, network interface, or VPC for which you want to create a flow log.
    resourceType FlowLogResourceType
    The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
    deliverCrossAccountRole string
    The ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    deliverLogsPermissionArn string
    The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    destinationOptions DestinationOptionsProperties
    logDestination string
    Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
    logDestinationType FlowLogLogDestinationType
    Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
    logFormat string
    The fields to include in the flow log record, in the order in which they should appear.
    logGroupName string
    The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    maxAggregationInterval number
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
    tags FlowLogTag[]
    The tags to apply to the flow logs.
    trafficType FlowLogTrafficType
    The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.

    Python

    resource_id str
    The ID of the subnet, network interface, or VPC for which you want to create a flow log.
    resource_type FlowLogResourceType
    The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
    deliver_cross_account_role str
    The ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    deliver_logs_permission_arn str
    The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    destination_options DestinationOptionsPropertiesArgs
    log_destination str
    Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
    log_destination_type FlowLogLogDestinationType
    Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
    log_format str
    The fields to include in the flow log record, in the order in which they should appear.
    log_group_name str
    The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    max_aggregation_interval int
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
    tags Sequence[FlowLogTagArgs]
    The tags to apply to the flow logs.
    traffic_type FlowLogTrafficType
    The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.

    YAML

    resourceId String
    The ID of the subnet, network interface, or VPC for which you want to create a flow log.
    resourceType "NetworkInterface" | "Subnet" | "VPC" | "TransitGateway" | "TransitGatewayAttachment"
    The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
    deliverCrossAccountRole String
    The ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    deliverLogsPermissionArn String
    The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    destinationOptions Property Map
    logDestination String
    Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
    logDestinationType "cloud-watch-logs" | "s3" | "kinesis-data-firehose"
    Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
    logFormat String
    The fields to include in the flow log record, in the order in which they should appear.
    logGroupName String
    The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
    maxAggregationInterval Number
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
    tags List<Property Map>
    The tags to apply to the flow logs.
    trafficType "ACCEPT" | "ALL" | "REJECT"
    The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
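
An added example, not part of the Pulumi documentation or the provider's code: a pre-deployment lint that applies the constraints stated in the Inputs list (the listed enum values, the 60 or 600 second aggregation interval, and the rule against setting DeliverLogsPermissionArn or LogGroupName for s3 or kinesis-data-firehose destinations) to resources shaped like a Pulumi YAML `resources` map. The function names, the `require_all_traffic` policy switch and the sample data are assumptions made for illustration.

```python
FLOW_LOG_TYPE = "aws-native:ec2:FlowLog"

# Enum values exactly as listed under "Supporting Types" on this page.
ENUMS = {
    "resourceType": ("NetworkInterface", "Subnet", "VPC",
                     "TransitGateway", "TransitGatewayAttachment"),
    "logDestinationType": ("cloud-watch-logs", "s3", "kinesis-data-firehose"),
    "trafficType": ("ACCEPT", "ALL", "REJECT"),
}
# Properties the page says not to set when publishing to S3 or Firehose.
CLOUDWATCH_ONLY = ("deliverLogsPermissionArn", "logGroupName")
AGGREGATION_INTERVALS = (60, 600)  # seconds


def validate_flow_log(props, require_all_traffic=False):
    """Return a list of findings for one FlowLog properties mapping."""
    # require_all_traffic is a hypothetical local policy switch, not a
    # provider option: when set, any trafficType other than ALL is flagged.
    findings = []
    for key, allowed in ENUMS.items():
        value = props.get(key)
        if value is not None and value not in allowed:
            findings.append(f"{key}: {value!r} is not one of {list(allowed)}")

    interval = props.get("maxAggregationInterval")
    if interval is not None and interval not in AGGREGATION_INTERVALS:
        findings.append(f"maxAggregationInterval: {interval!r} must be 60 or 600")

    dest_type = props.get("logDestinationType")
    if dest_type in ("s3", "kinesis-data-firehose"):
        for key in CLOUDWATCH_ONLY:
            if props.get(key) is not None:
                findings.append(f"{key}: must not be set for {dest_type}")

    if require_all_traffic and props.get("trafficType") != "ALL":
        findings.append("trafficType: local policy requires ALL")
    return findings


def lint_resources(resources, **policy):
    """Validate every FlowLog in a Pulumi-YAML-shaped `resources` mapping."""
    return {name: validate_flow_log(res.get("properties") or {}, **policy)
            for name, res in resources.items()
            if res.get("type") == FLOW_LOG_TYPE}


# Constructed sample input; names, IDs and ARNs are placeholders.
SAMPLE = {
    "goodLog": {"type": FLOW_LOG_TYPE, "properties": {
        "resourceId": "vpc-EXAMPLE", "resourceType": "VPC",
        "logDestinationType": "s3", "trafficType": "ALL",
        "logDestination": "arn:aws:s3:::example-flow-logs",
        "maxAggregationInterval": 60}},
    "badLog": {"type": FLOW_LOG_TYPE, "properties": {
        "resourceId": "subnet-EXAMPLE", "resourceType": "subnet",
        "logDestinationType": "s3", "logGroupName": "flow-logs",
        "trafficType": "ACCEPT", "maxAggregationInterval": 300}},
    "other": {"type": "example:placeholder:NotAFlowLog", "properties": {}},
}

if __name__ == "__main__":
    for name, found in lint_resources(SAMPLE, require_all_traffic=True).items():
        print(name, found or "ok")
```
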

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FlowLog resource produces the following output properties:

    C#

    Id string
    The provider-assigned unique ID for this managed resource.

    Go

    Id string
    The provider-assigned unique ID for this managed resource.

    Java

    id String
    The provider-assigned unique ID for this managed resource.

    TypeScript

    id string
    The provider-assigned unique ID for this managed resource.

    Python

    id str
    The provider-assigned unique ID for this managed resource.

    YAML

    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    DestinationOptionsProperties, DestinationOptionsPropertiesArgs

    FlowLogDestinationOptionsPropertiesFileFormat, FlowLogDestinationOptionsPropertiesFileFormatArgs

    C#

    PlainText
    plain-text
    Parquet
    parquet

    Go

    FlowLogDestinationOptionsPropertiesFileFormatPlainText
    plain-text
    FlowLogDestinationOptionsPropertiesFileFormatParquet
    parquet

    Java

    PlainText
    plain-text
    Parquet
    parquet

    TypeScript

    PlainText
    plain-text
    Parquet
    parquet

    Python

    PLAIN_TEXT
    plain-text
    PARQUET
    parquet

    YAML

    "plain-text"
    plain-text
    "parquet"
    parquet

    FlowLogLogDestinationType, FlowLogLogDestinationTypeArgs

    C#

    CloudWatchLogs
    cloud-watch-logs
    S3
    s3
    KinesisDataFirehose
    kinesis-data-firehose

    Go

    FlowLogLogDestinationTypeCloudWatchLogs
    cloud-watch-logs
    FlowLogLogDestinationTypeS3
    s3
    FlowLogLogDestinationTypeKinesisDataFirehose
    kinesis-data-firehose

    Java

    CloudWatchLogs
    cloud-watch-logs
    S3
    s3
    KinesisDataFirehose
    kinesis-data-firehose

    TypeScript

    CloudWatchLogs
    cloud-watch-logs
    S3
    s3
    KinesisDataFirehose
    kinesis-data-firehose

    Python

    CLOUD_WATCH_LOGS
    cloud-watch-logs
    S3
    s3
    KINESIS_DATA_FIREHOSE
    kinesis-data-firehose

    YAML

    "cloud-watch-logs"
    cloud-watch-logs
    "s3"
    s3
    "kinesis-data-firehose"
    kinesis-data-firehose

    FlowLogResourceType, FlowLogResourceTypeArgs

    C#

    NetworkInterface
    NetworkInterface
    Subnet
    Subnet
    Vpc
    VPC
    TransitGateway
    TransitGateway
    TransitGatewayAttachment
    TransitGatewayAttachment

    Go

    FlowLogResourceTypeNetworkInterface
    NetworkInterface
    FlowLogResourceTypeSubnet
    Subnet
    FlowLogResourceTypeVpc
    VPC
    FlowLogResourceTypeTransitGateway
    TransitGateway
    FlowLogResourceTypeTransitGatewayAttachment
    TransitGatewayAttachment

    Java

    NetworkInterface
    NetworkInterface
    Subnet
    Subnet
    Vpc
    VPC
    TransitGateway
    TransitGateway
    TransitGatewayAttachment
    TransitGatewayAttachment

    TypeScript

    NetworkInterface
    NetworkInterface
    Subnet
    Subnet
    Vpc
    VPC
    TransitGateway
    TransitGateway
    TransitGatewayAttachment
    TransitGatewayAttachment

    Python

    NETWORK_INTERFACE
    NetworkInterface
    SUBNET
    Subnet
    VPC
    VPC
    TRANSIT_GATEWAY
    TransitGateway
    TRANSIT_GATEWAY_ATTACHMENT
    TransitGatewayAttachment

    YAML

    "NetworkInterface"
    NetworkInterface
    "Subnet"
    Subnet
    "VPC"
    VPC
    "TransitGateway"
    TransitGateway
    "TransitGatewayAttachment"
    TransitGatewayAttachment

    FlowLogTag, FlowLogTagArgs

    C#

    Key string
    Value string

    Go

    Key string
    Value string

    Java

    key String
    value String

    TypeScript

    key string
    value string

    Python

    key str
    value str

    YAML

    key String
    value String

    FlowLogTrafficType, FlowLogTrafficTypeArgs

    C#

    Accept
    ACCEPT
    All
    ALL
    Reject
    REJECT

    Go

    FlowLogTrafficTypeAccept
    ACCEPT
    FlowLogTrafficTypeAll
    ALL
    FlowLogTrafficTypeReject
    REJECT

    Java

    Accept
    ACCEPT
    All
    ALL
    Reject
    REJECT

    TypeScript

    Accept
    ACCEPT
    All
    ALL
    Reject
    REJECT

    Python

    ACCEPT
    ACCEPT
    ALL
    ALL
    REJECT
    REJECT

    YAML

    "ACCEPT"
    ACCEPT
    "ALL"
    ALL
    "REJECT"
    REJECT

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0