Docs
PackagesAWS Native is in preview. AWS Classic is fully supported.
aws-native.ec2.FlowLog
Explore with Pulumi AI
AWS Native is in preview. AWS Classic is fully supported.
Specifies a VPC flow log, which enables you to capture IP traffic for a specific network interface, subnet, or VPC.
Create FlowLog Resource
new FlowLog(name: string, args: FlowLogArgs, opts?: CustomResourceOptions);@overload
def FlowLog(resource_name: str,
opts: Optional[ResourceOptions] = None,
deliver_logs_permission_arn: Optional[str] = None,
destination_options: Optional[DestinationOptionsPropertiesArgs] = None,
log_destination: Optional[str] = None,
log_destination_type: Optional[FlowLogLogDestinationType] = None,
log_format: Optional[str] = None,
log_group_name: Optional[str] = None,
max_aggregation_interval: Optional[int] = None,
resource_id: Optional[str] = None,
resource_type: Optional[FlowLogResourceType] = None,
tags: Optional[Sequence[FlowLogTagArgs]] = None,
traffic_type: Optional[FlowLogTrafficType] = None)
@overload
def FlowLog(resource_name: str,
args: FlowLogArgs,
opts: Optional[ResourceOptions] = None)func NewFlowLog(ctx *Context, name string, args FlowLogArgs, opts ...ResourceOption) (*FlowLog, error)public FlowLog(string name, FlowLogArgs args, CustomResourceOptions? opts = null)
public FlowLog(String name, FlowLogArgs args)
public FlowLog(String name, FlowLogArgs args, CustomResourceOptions options)
type: aws-native:ec2:FlowLog
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FlowLogArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FlowLogArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FlowLogArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FlowLogArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FlowLogArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
FlowLog Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The FlowLog resource accepts the following input properties:
- Resource
Id string The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- Resource
Type Pulumi.Aws Native. EC2. Flow Log Resource Type The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- Deliver
Logs stringPermission Arn The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- Destination
Options Pulumi.Aws Native. EC2. Inputs. Destination Options Properties Args - Log
Destination string Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- Log
Destination Pulumi.Type Aws Native. EC2. Flow Log Log Destination Type Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- Log
Format string The fields to include in the flow log record, in the order in which they should appear.
- Log
Group stringName The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- Max
Aggregation intInterval The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
-
List<Pulumi.
Aws Native. EC2. Inputs. Flow Log Tag Args> The tags to apply to the flow logs.
- Traffic
Type Pulumi.Aws Native. EC2. Flow Log Traffic Type The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- Resource
Id string The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- Resource
Type FlowLog Resource Type The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- Deliver
Logs stringPermission Arn The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- Destination
Options DestinationOptions Properties Args - Log
Destination string Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- Log
Destination FlowType Log Log Destination Type Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- Log
Format string The fields to include in the flow log record, in the order in which they should appear.
- Log
Group stringName The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- Max
Aggregation intInterval The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
-
[]Flow
Log Tag Args The tags to apply to the flow logs.
- Traffic
Type FlowLog Traffic Type The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- resource
Id String The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- resource
Type FlowLog Resource Type The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- deliver
Logs StringPermission Arn The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- destination
Options DestinationOptions Properties Args - log
Destination String Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- log
Destination FlowType Log Log Destination Type Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- log
Format String The fields to include in the flow log record, in the order in which they should appear.
- log
Group StringName The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- max
Aggregation IntegerInterval The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
-
List<Flow
Log Tag Args> The tags to apply to the flow logs.
- traffic
Type FlowLog Traffic Type The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- resource
Id string The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- resource
Type FlowLog Resource Type The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- deliver
Logs stringPermission Arn The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- destination
Options DestinationOptions Properties Args - log
Destination string Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- log
Destination FlowType Log Log Destination Type Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- log
Format string The fields to include in the flow log record, in the order in which they should appear.
- log
Group stringName The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- max
Aggregation numberInterval The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
-
Flow
Log Tag Args[] The tags to apply to the flow logs.
- traffic
Type FlowLog Traffic Type The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- resource_
id str The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- resource_
type FlowLog Resource Type The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- deliver_
logs_ strpermission_ arn The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- destination_
options DestinationOptions Properties Args - log_
destination str Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- log_
destination_ Flowtype Log Log Destination Type Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- log_
format str The fields to include in the flow log record, in the order in which they should appear.
- log_
group_ strname The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- max_
aggregation_ intinterval The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
-
Sequence[Flow
Log Tag Args] The tags to apply to the flow logs.
- traffic_
type FlowLog Traffic Type The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- resource
Id String The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- resource
Type "NetworkInterface" | "Subnet" | "VPC" | "Transit Gateway" | "Transit Gateway Attachment" The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- deliver
Logs StringPermission Arn The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- destination
Options Property Map - log
Destination String Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- log
Destination "cloud-watch-logs" | "s3" | "kinesis-data-firehose"Type Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- log
Format String The fields to include in the flow log record, in the order in which they should appear.
- log
Group StringName The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- max
Aggregation NumberInterval The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
- List<Property Map>
The tags to apply to the flow logs.
- traffic
Type "ACCEPT" | "ALL" | "REJECT" The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
Outputs
All input properties are implicitly available as output properties. Additionally, the FlowLog resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Supporting Types
DestinationOptionsProperties
FlowLogDestinationOptionsPropertiesFileFormat
- Plain
Text - plain-text
- Parquet
- parquet
- Flow
Log Destination Options Properties File Format Plain Text - plain-text
- Flow
Log Destination Options Properties File Format Parquet - parquet
- Plain
Text - plain-text
- Parquet
- parquet
- Plain
Text - plain-text
- Parquet
- parquet
- PLAIN_TEXT
- plain-text
- PARQUET
- parquet
- "plain-text"
- plain-text
- "parquet"
- parquet
FlowLogLogDestinationType
- Cloud
Watch Logs - cloud-watch-logs
- S3
- s3
- Kinesis
Data Firehose - kinesis-data-firehose
- Flow
Log Log Destination Type Cloud Watch Logs - cloud-watch-logs
- Flow
Log Log Destination Type S3 - s3
- Flow
Log Log Destination Type Kinesis Data Firehose - kinesis-data-firehose
- Cloud
Watch Logs - cloud-watch-logs
- S3
- s3
- Kinesis
Data Firehose - kinesis-data-firehose
- Cloud
Watch Logs - cloud-watch-logs
- S3
- s3
- Kinesis
Data Firehose - kinesis-data-firehose
- CLOUD_WATCH_LOGS
- cloud-watch-logs
- S3
- s3
- KINESIS_DATA_FIREHOSE
- kinesis-data-firehose
- "cloud-watch-logs"
- cloud-watch-logs
- "s3"
- s3
- "kinesis-data-firehose"
- kinesis-data-firehose
FlowLogResourceType
- Network
Interface - NetworkInterface
- Subnet
- Subnet
- Vpc
- VPC
- Transit
Gateway - TransitGateway
- Transit
Gateway Attachment - TransitGatewayAttachment
- Flow
Log Resource Type Network Interface - NetworkInterface
- Flow
Log Resource Type Subnet - Subnet
- Flow
Log Resource Type Vpc - VPC
- Flow
Log Resource Type Transit Gateway - TransitGateway
- Flow
Log Resource Type Transit Gateway Attachment - TransitGatewayAttachment
- Network
Interface - NetworkInterface
- Subnet
- Subnet
- Vpc
- VPC
- Transit
Gateway - TransitGateway
- Transit
Gateway Attachment - TransitGatewayAttachment
- Network
Interface - NetworkInterface
- Subnet
- Subnet
- Vpc
- VPC
- Transit
Gateway - TransitGateway
- Transit
Gateway Attachment - TransitGatewayAttachment
- NETWORK_INTERFACE
- NetworkInterface
- SUBNET
- Subnet
- VPC
- VPC
- TRANSIT_GATEWAY
- TransitGateway
- TRANSIT_GATEWAY_ATTACHMENT
- TransitGatewayAttachment
- "Network
Interface" - NetworkInterface
- "Subnet"
- Subnet
- "VPC"
- VPC
- "Transit
Gateway" - TransitGateway
- "Transit
Gateway Attachment" - TransitGatewayAttachment
FlowLogTag
FlowLogTrafficType
- Accept
- ACCEPT
- All
- ALL
- Reject
- REJECT
- Flow
Log Traffic Type Accept - ACCEPT
- Flow
Log Traffic Type All - ALL
- Flow
Log Traffic Type Reject - REJECT
- Accept
- ACCEPT
- All
- ALL
- Reject
- REJECT
- Accept
- ACCEPT
- All
- ALL
- Reject
- REJECT
- ACCEPT
- ACCEPT
- ALL
- ALL
- REJECT
- REJECT
- "ACCEPT"
- ACCEPT
- "ALL"
- ALL
- "REJECT"
- REJECT
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
AWS Native is in preview. AWS Classic is fully supported.