AWS Native
FlowLog
Specifies a VPC flow log, which enables you to capture IP traffic for a specific network interface, subnet, or VPC.
Create a FlowLog Resource
TypeScript:
new FlowLog(name: string, args: FlowLogArgs, opts?: CustomResourceOptions);

Python:
@overload
def FlowLog(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            deliver_logs_permission_arn: Optional[str] = None,
            destination_options: Optional[DestinationOptionsPropertiesArgs] = None,
            log_destination: Optional[str] = None,
            log_destination_type: Optional[FlowLogLogDestinationType] = None,
            log_format: Optional[str] = None,
            log_group_name: Optional[str] = None,
            max_aggregation_interval: Optional[int] = None,
            resource_id: Optional[str] = None,
            resource_type: Optional[FlowLogResourceType] = None,
            tags: Optional[Sequence[FlowLogTagArgs]] = None,
            traffic_type: Optional[FlowLogTrafficType] = None)
@overload
def FlowLog(resource_name: str,
            args: FlowLogArgs,
            opts: Optional[ResourceOptions] = None)

Go:
func NewFlowLog(ctx *Context, name string, args FlowLogArgs, opts ...ResourceOption) (*FlowLog, error)

C#:
public FlowLog(string name, FlowLogArgs args, CustomResourceOptions? opts = null)

Java:
public FlowLog(String name, FlowLogArgs args)
public FlowLog(String name, FlowLogArgs args, CustomResourceOptions options)

YAML:
type: aws-native:ec2:FlowLog
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Constructor parameters

TypeScript:
- name string: The unique name of the resource.
- args FlowLogArgs: The arguments to resource properties.
- opts CustomResourceOptions: Bag of options to control resource's behavior.

Python:
- resource_name str: The unique name of the resource.
- args FlowLogArgs: The arguments to resource properties.
- opts ResourceOptions: Bag of options to control resource's behavior.

Go:
- ctx Context: Context object for the current deployment.
- name string: The unique name of the resource.
- args FlowLogArgs: The arguments to resource properties.
- opts ResourceOption: Bag of options to control resource's behavior.

C#:
- name string: The unique name of the resource.
- args FlowLogArgs: The arguments to resource properties.
- opts CustomResourceOptions: Bag of options to control resource's behavior.

Java:
- name String: The unique name of the resource.
- args FlowLogArgs: The arguments to resource properties.
- options CustomResourceOptions: Bag of options to control resource's behavior.
FlowLog Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The FlowLog resource accepts the following input properties:
C#:
- ResourceId string: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- ResourceType Pulumi.AwsNative.EC2.FlowLogResourceType: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- TrafficType Pulumi.AwsNative.EC2.FlowLogTrafficType: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- DeliverLogsPermissionArn string: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- DestinationOptions Pulumi.AwsNative.EC2.Inputs.DestinationOptionsPropertiesArgs
- LogDestination string: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- LogDestinationType Pulumi.AwsNative.EC2.FlowLogLogDestinationType: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- LogFormat string: The fields to include in the flow log record, in the order in which they should appear.
- LogGroupName string: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- MaxAggregationInterval int: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
- Tags List<Pulumi.AwsNative.EC2.Inputs.FlowLogTagArgs>: The tags to apply to the flow logs.
Go:
- ResourceId string: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- ResourceType FlowLogResourceType: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- TrafficType FlowLogTrafficType: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- DeliverLogsPermissionArn string: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- DestinationOptions DestinationOptionsPropertiesArgs
- LogDestination string: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- LogDestinationType FlowLogLogDestinationType: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- LogFormat string: The fields to include in the flow log record, in the order in which they should appear.
- LogGroupName string: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- MaxAggregationInterval int: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
- Tags []FlowLogTagArgs: The tags to apply to the flow logs.
Java:
- resourceId String: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- resourceType FlowLogResourceType: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- trafficType FlowLogTrafficType: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- deliverLogsPermissionArn String: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- destinationOptions DestinationOptionsPropertiesArgs
- logDestination String: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- logDestinationType FlowLogLogDestinationType: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- logFormat String: The fields to include in the flow log record, in the order in which they should appear.
- logGroupName String: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- maxAggregationInterval Integer: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
- tags List<FlowLogTagArgs>: The tags to apply to the flow logs.
TypeScript:
- resourceId string: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- resourceType FlowLogResourceType: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- trafficType FlowLogTrafficType: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- deliverLogsPermissionArn string: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- destinationOptions DestinationOptionsPropertiesArgs
- logDestination string: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- logDestinationType FlowLogLogDestinationType: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- logFormat string: The fields to include in the flow log record, in the order in which they should appear.
- logGroupName string: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- maxAggregationInterval number: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
- tags FlowLogTagArgs[]: The tags to apply to the flow logs.
Python:
- resource_id str: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- resource_type FlowLogResourceType: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- traffic_type FlowLogTrafficType: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- deliver_logs_permission_arn str: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- destination_options DestinationOptionsPropertiesArgs
- log_destination str: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- log_destination_type FlowLogLogDestinationType: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- log_format str: The fields to include in the flow log record, in the order in which they should appear.
- log_group_name str: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- max_aggregation_interval int: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
- tags Sequence[FlowLogTagArgs]: The tags to apply to the flow logs.
YAML:
- resourceId String: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
- resourceType "NetworkInterface" | "Subnet" | "VPC": The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
- trafficType "ACCEPT" | "ALL" | "REJECT": The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
- deliverLogsPermissionArn String: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- destinationOptions Property Map
- logDestination String: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
- logDestinationType "cloud-watch-logs" | "s3" | "kinesis-data-firehose": Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
- logFormat String: The fields to include in the flow log record, in the order in which they should appear.
- logGroupName String: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
- maxAggregationInterval Number: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
- tags List: The tags to apply to the flow logs.
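A Pulumi YAML program, added here as an illustration and not taken from the Pulumi documentation, showing the two destination shapes the input descriptions distinguish: a CloudWatch Logs flow log that sets deliverLogsPermissionArn and logGroupName, and an S3 flow log that omits both. The project name, resource names, VPC and subnet IDs, account ID, role, log group and bucket are constructed placeholders, and passing the bucket ARN as logDestination for the s3 type is an assumption about the expected value.

```yaml
# Added example (not from the Pulumi docs). Every ID, ARN and name below is a
# constructed placeholder; substitute values from your own account.
name: flow-log-example
runtime: yaml
resources:
  # CloudWatch Logs destination: the delivery role and log group name are set.
  vpcAllTraffic:
    type: aws-native:ec2:FlowLog
    properties:
      resourceId: vpc-0123456789abcdef0        # a VPC ID, so resourceType is VPC
      resourceType: VPC
      trafficType: ALL                         # accepted and rejected traffic
      logDestinationType: cloud-watch-logs
      logGroupName: example-vpc-flow-logs
      deliverLogsPermissionArn: arn:aws:iam::111122223333:role/example-flow-logs-role
      maxAggregationInterval: 60               # 60 or 600 seconds are the allowed values

  # S3 destination: deliverLogsPermissionArn and logGroupName must NOT be set.
  subnetRejects:
    type: aws-native:ec2:FlowLog
    properties:
      resourceId: subnet-0123456789abcdef0     # a subnet ID, so resourceType is Subnet
      resourceType: Subnet
      trafficType: REJECT                      # only traffic the resource rejects
      logDestinationType: s3
      logDestination: arn:aws:s3:::example-flow-log-bucket   # assumed: bucket ARN
      maxAggregationInterval: 600

outputs:
  # The provider-assigned id output of each flow log resource.
  vpcFlowLogId: ${vpcAllTraffic.id}
  subnetFlowLogId: ${subnetRejects.id}
```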
Outputs
All input properties are implicitly available as output properties. Additionally, the FlowLog resource produces the following output properties:
C#:
- Id string: The provider-assigned unique ID for this managed resource.

Go:
- Id string: The provider-assigned unique ID for this managed resource.

Java:
- id String: The provider-assigned unique ID for this managed resource.

TypeScript:
- id string: The provider-assigned unique ID for this managed resource.

Python:
- id str: The provider-assigned unique ID for this managed resource.

YAML:
- id String: The provider-assigned unique ID for this managed resource.
Supporting Types
DestinationOptionsProperties
FlowLogDestinationOptionsPropertiesFileFormat
C#:
- PlainText: plain-text
- Parquet: parquet

Go:
- FlowLogDestinationOptionsPropertiesFileFormatPlainText: plain-text
- FlowLogDestinationOptionsPropertiesFileFormatParquet: parquet

Java:
- PlainText: plain-text
- Parquet: parquet

TypeScript:
- PlainText: plain-text
- Parquet: parquet

Python:
- PLAIN_TEXT: plain-text
- PARQUET: parquet

YAML:
- "plain-text": plain-text
- "parquet": parquet
FlowLogLogDestinationType
C#:
- CloudWatchLogs: cloud-watch-logs
- S3: s3
- KinesisDataFirehose: kinesis-data-firehose

Go:
- FlowLogLogDestinationTypeCloudWatchLogs: cloud-watch-logs
- FlowLogLogDestinationTypeS3: s3
- FlowLogLogDestinationTypeKinesisDataFirehose: kinesis-data-firehose

Java:
- CloudWatchLogs: cloud-watch-logs
- S3: s3
- KinesisDataFirehose: kinesis-data-firehose

TypeScript:
- CloudWatchLogs: cloud-watch-logs
- S3: s3
- KinesisDataFirehose: kinesis-data-firehose

Python:
- CLOUD_WATCH_LOGS: cloud-watch-logs
- S3: s3
- KINESIS_DATA_FIREHOSE: kinesis-data-firehose

YAML:
- "cloud-watch-logs": cloud-watch-logs
- "s3": s3
- "kinesis-data-firehose": kinesis-data-firehose
FlowLogResourceType
C#:
- NetworkInterface: NetworkInterface
- Subnet: Subnet
- Vpc: VPC

Go:
- FlowLogResourceTypeNetworkInterface: NetworkInterface
- FlowLogResourceTypeSubnet: Subnet
- FlowLogResourceTypeVpc: VPC

Java:
- NetworkInterface: NetworkInterface
- Subnet: Subnet
- Vpc: VPC

TypeScript:
- NetworkInterface: NetworkInterface
- Subnet: Subnet
- Vpc: VPC

Python:
- NETWORK_INTERFACE: NetworkInterface
- SUBNET: Subnet
- VPC: VPC

YAML:
- "NetworkInterface": NetworkInterface
- "Subnet": Subnet
- "VPC": VPC
FlowLogTag
FlowLogTrafficType
C#:
- Accept: ACCEPT
- All: ALL
- Reject: REJECT

Go:
- FlowLogTrafficTypeAccept: ACCEPT
- FlowLogTrafficTypeAll: ALL
- FlowLogTrafficTypeReject: REJECT

Java:
- Accept: ACCEPT
- All: ALL
- Reject: REJECT

TypeScript:
- Accept: ACCEPT
- All: ALL
- Reject: REJECT

Python:
- ACCEPT: ACCEPT
- ALL: ALL
- REJECT: REJECT

YAML:
- "ACCEPT": ACCEPT
- "ALL": ALL
- "REJECT": REJECT
Package Details
- Repository: https://github.com/pulumi/pulumi-aws-native
- License: Apache-2.0