AWS Native

v0.29.0 published on Thursday, Sep 8, 2022 by Pulumi

FlowLog

Specifies a VPC flow log, which enables you to capture IP traffic for a specific network interface, subnet, or VPC.

Create a FlowLog Resource

new FlowLog(name: string, args: FlowLogArgs, opts?: CustomResourceOptions);

@overload
def FlowLog(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            deliver_logs_permission_arn: Optional[str] = None,
            destination_options: Optional[DestinationOptionsPropertiesArgs] = None,
            log_destination: Optional[str] = None,
            log_destination_type: Optional[FlowLogLogDestinationType] = None,
            log_format: Optional[str] = None,
            log_group_name: Optional[str] = None,
            max_aggregation_interval: Optional[int] = None,
            resource_id: Optional[str] = None,
            resource_type: Optional[FlowLogResourceType] = None,
            tags: Optional[Sequence[FlowLogTagArgs]] = None,
            traffic_type: Optional[FlowLogTrafficType] = None)
@overload
def FlowLog(resource_name: str,
            args: FlowLogArgs,
            opts: Optional[ResourceOptions] = None)

func NewFlowLog(ctx *Context, name string, args FlowLogArgs, opts ...ResourceOption) (*FlowLog, error)

public FlowLog(string name, FlowLogArgs args, CustomResourceOptions? opts = null)

public FlowLog(String name, FlowLogArgs args)
public FlowLog(String name, FlowLogArgs args, CustomResourceOptions options)

type: aws-native:ec2:FlowLog
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FlowLogArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FlowLogArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FlowLogArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FlowLogArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FlowLogArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

FlowLog Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FlowLog resource accepts the following input properties:

ResourceId string: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
ResourceType Pulumi.AwsNative.EC2.FlowLogResourceType: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
TrafficType Pulumi.AwsNative.EC2.FlowLogTrafficType: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
DeliverLogsPermissionArn string: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
DestinationOptions Pulumi.AwsNative.EC2.Inputs.DestinationOptionsPropertiesArgs
LogDestination string: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
LogDestinationType Pulumi.AwsNative.EC2.FlowLogLogDestinationType: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
LogFormat string: The fields to include in the flow log record, in the order in which they should appear.
LogGroupName string: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
MaxAggregationInterval int: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
Tags List<Pulumi.AwsNative.EC2.Inputs.FlowLogTagArgs>: The tags to apply to the flow logs.

ResourceId string: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
ResourceType FlowLogResourceType: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
TrafficType FlowLogTrafficType: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
DeliverLogsPermissionArn string: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
DestinationOptions DestinationOptionsPropertiesArgs
LogDestination string: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
LogDestinationType FlowLogLogDestinationType: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
LogFormat string: The fields to include in the flow log record, in the order in which they should appear.
LogGroupName string: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
MaxAggregationInterval int: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
Tags []FlowLogTagArgs: The tags to apply to the flow logs.

resourceId String: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
resourceType FlowLogResourceType: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
trafficType FlowLogTrafficType: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
deliverLogsPermissionArn String: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
destinationOptions DestinationOptionsPropertiesArgs
logDestination String: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
logDestinationType FlowLogLogDestinationType: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
logFormat String: The fields to include in the flow log record, in the order in which they should appear.
logGroupName String: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
maxAggregationInterval Integer: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
tags List<FlowLogTagArgs>: The tags to apply to the flow logs.

resourceId string: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
resourceType FlowLogResourceType: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
trafficType FlowLogTrafficType: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
deliverLogsPermissionArn string: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
destinationOptions DestinationOptionsPropertiesArgs
logDestination string: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
logDestinationType FlowLogLogDestinationType: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
logFormat string: The fields to include in the flow log record, in the order in which they should appear.
logGroupName string: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
maxAggregationInterval number: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
tags FlowLogTagArgs[]: The tags to apply to the flow logs.

resource_id str: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
resource_type FlowLogResourceType: The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
traffic_type FlowLogTrafficType: The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
deliver_logs_permission_arn str: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
destination_options DestinationOptionsPropertiesArgs
log_destination str: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
log_destination_type FlowLogLogDestinationType: Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
log_format str: The fields to include in the flow log record, in the order in which they should appear.
log_group_name str: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
max_aggregation_interval int: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
tags Sequence[FlowLogTagArgs]: The tags to apply to the flow logs.

resourceId String: The ID of the subnet, network interface, or VPC for which you want to create a flow log.
resourceType "NetworkInterface" | "Subnet" | "VPC" | "TransitGateway" | "TransitGatewayAttachment": The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.
trafficType "ACCEPT" | "ALL" | "REJECT": The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
deliverLogsPermissionArn String: The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
destinationOptions Property Map
logDestination String: Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group, an Amazon S3 bucket, or a Kinesis Firehose stream. The value specified for this parameter depends on the value specified for LogDestinationType.
logDestinationType "cloud-watch-logs" | "s3" | "kinesis-data-firehose": Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.
logFormat String: The fields to include in the flow log record, in the order in which they should appear.
logGroupName String: The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. If you specify LogDestinationType as s3 or kinesis-data-firehose, do not specify DeliverLogsPermissionArn or LogGroupName.
maxAggregationInterval Number: The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).
tags List<Property Map>: The tags to apply to the flow logs.

Outputs

All input properties are implicitly available as output properties. Additionally, the FlowLog resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Supporting Types

DestinationOptionsProperties

FileFormat Pulumi.AwsNative.EC2.FlowLogDestinationOptionsPropertiesFileFormat
HiveCompatiblePartitions bool
PerHourPartition bool

FileFormat FlowLogDestinationOptionsPropertiesFileFormat
HiveCompatiblePartitions bool
PerHourPartition bool

fileFormat FlowLogDestinationOptionsPropertiesFileFormat
hiveCompatiblePartitions Boolean
perHourPartition Boolean

fileFormat FlowLogDestinationOptionsPropertiesFileFormat
hiveCompatiblePartitions boolean
perHourPartition boolean

file_format FlowLogDestinationOptionsPropertiesFileFormat
hive_compatible_partitions bool
per_hour_partition bool

fileFormat "plain-text" | "parquet"
hiveCompatiblePartitions Boolean
perHourPartition Boolean

FlowLogDestinationOptionsPropertiesFileFormat

PlainText: plain-text
Parquet: parquet

FlowLogDestinationOptionsPropertiesFileFormatPlainText: plain-text
FlowLogDestinationOptionsPropertiesFileFormatParquet: parquet

PlainText: plain-text
Parquet: parquet

PlainText: plain-text
Parquet: parquet

PLAIN_TEXT: plain-text
PARQUET: parquet

"plain-text": plain-text
"parquet": parquet

FlowLogLogDestinationType

CloudWatchLogs: cloud-watch-logs
S3: s3
KinesisDataFirehose: kinesis-data-firehose

FlowLogLogDestinationTypeCloudWatchLogs: cloud-watch-logs
FlowLogLogDestinationTypeS3: s3
FlowLogLogDestinationTypeKinesisDataFirehose: kinesis-data-firehose

CloudWatchLogs: cloud-watch-logs
S3: s3
KinesisDataFirehose: kinesis-data-firehose

CloudWatchLogs: cloud-watch-logs
S3: s3
KinesisDataFirehose: kinesis-data-firehose

CLOUD_WATCH_LOGS: cloud-watch-logs
S3: s3
KINESIS_DATA_FIREHOSE: kinesis-data-firehose

"cloud-watch-logs": cloud-watch-logs
"s3": s3
"kinesis-data-firehose": kinesis-data-firehose

FlowLogResourceType

NetworkInterface: NetworkInterface
Subnet: Subnet
Vpc: VPC
TransitGateway: TransitGateway
TransitGatewayAttachment: TransitGatewayAttachment

FlowLogResourceTypeNetworkInterface: NetworkInterface
FlowLogResourceTypeSubnet: Subnet
FlowLogResourceTypeVpc: VPC
FlowLogResourceTypeTransitGateway: TransitGateway
FlowLogResourceTypeTransitGatewayAttachment: TransitGatewayAttachment

NetworkInterface: NetworkInterface
Subnet: Subnet
Vpc: VPC
TransitGateway: TransitGateway
TransitGatewayAttachment: TransitGatewayAttachment

NetworkInterface: NetworkInterface
Subnet: Subnet
Vpc: VPC
TransitGateway: TransitGateway
TransitGatewayAttachment: TransitGatewayAttachment

NETWORK_INTERFACE: NetworkInterface
SUBNET: Subnet
VPC: VPC
TRANSIT_GATEWAY: TransitGateway
TRANSIT_GATEWAY_ATTACHMENT: TransitGatewayAttachment

"NetworkInterface": NetworkInterface
"Subnet": Subnet
"VPC": VPC
"TransitGateway": TransitGateway
"TransitGatewayAttachment": TransitGatewayAttachment

FlowLogTag

Key string
Value string

Key string
Value string

key String
value String

key string
value string

key str
value str

key String
value String

FlowLogTrafficType

Accept: ACCEPT
All: ALL
Reject: REJECT

FlowLogTrafficTypeAccept: ACCEPT
FlowLogTrafficTypeAll: ALL
FlowLogTrafficTypeReject: REJECT

Accept: ACCEPT
All: ALL
Reject: REJECT

Accept: ACCEPT
All: ALL
Reject: REJECT

ACCEPT: ACCEPT
ALL: ALL
REJECT: REJECT

"ACCEPT": ACCEPT
"ALL": ALL
"REJECT": REJECT

Package Details

Repository: https://github.com/pulumi/pulumi-aws-native
License: Apache-2.0