1. Packages
  2. AWS Classic
  3. API Docs
  4. ec2
  5. FlowLog

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi

aws.ec2.FlowLog

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi

    Provides a VPC/Subnet/ENI/Transit Gateway/Transit Gateway Attachment Flow Log to capture IP traffic for a specific network interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group, a S3 Bucket, or Amazon Kinesis Data Firehose

    Example Usage

    CloudWatch Logging

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const exampleLogGroup = new aws.cloudwatch.LogGroup("example", {name: "example"});
    const assumeRole = aws.iam.getPolicyDocument({
        statements: [{
            effect: "Allow",
            principals: [{
                type: "Service",
                identifiers: ["vpc-flow-logs.amazonaws.com"],
            }],
            actions: ["sts:AssumeRole"],
        }],
    });
    const exampleRole = new aws.iam.Role("example", {
        name: "example",
        assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
    });
    const exampleFlowLog = new aws.ec2.FlowLog("example", {
        iamRoleArn: exampleRole.arn,
        logDestination: exampleLogGroup.arn,
        trafficType: "ALL",
        vpcId: exampleAwsVpc.id,
    });
    const example = aws.iam.getPolicyDocument({
        statements: [{
            effect: "Allow",
            actions: [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
            ],
            resources: ["*"],
        }],
    });
    const exampleRolePolicy = new aws.iam.RolePolicy("example", {
        name: "example",
        role: exampleRole.id,
        policy: example.then(example => example.json),
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example_log_group = aws.cloudwatch.LogGroup("example", name="example")
    assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
        effect="Allow",
        principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
            type="Service",
            identifiers=["vpc-flow-logs.amazonaws.com"],
        )],
        actions=["sts:AssumeRole"],
    )])
    example_role = aws.iam.Role("example",
        name="example",
        assume_role_policy=assume_role.json)
    example_flow_log = aws.ec2.FlowLog("example",
        iam_role_arn=example_role.arn,
        log_destination=example_log_group.arn,
        traffic_type="ALL",
        vpc_id=example_aws_vpc["id"])
    example = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
        effect="Allow",
        actions=[
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents",
            "logs:DescribeLogGroups",
            "logs:DescribeLogStreams",
        ],
        resources=["*"],
    )])
    example_role_policy = aws.iam.RolePolicy("example",
        name="example",
        role=example_role.id,
        policy=example.json)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "example", &cloudwatch.LogGroupArgs{
    			Name: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
    			Statements: []iam.GetPolicyDocumentStatement{
    				{
    					Effect: pulumi.StringRef("Allow"),
    					Principals: []iam.GetPolicyDocumentStatementPrincipal{
    						{
    							Type: "Service",
    							Identifiers: []string{
    								"vpc-flow-logs.amazonaws.com",
    							},
    						},
    					},
    					Actions: []string{
    						"sts:AssumeRole",
    					},
    				},
    			},
    		}, nil)
    		if err != nil {
    			return err
    		}
    		exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
    			Name:             pulumi.String("example"),
    			AssumeRolePolicy: pulumi.String(assumeRole.Json),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewFlowLog(ctx, "example", &ec2.FlowLogArgs{
    			IamRoleArn:     exampleRole.Arn,
    			LogDestination: exampleLogGroup.Arn,
    			TrafficType:    pulumi.String("ALL"),
    			VpcId:          pulumi.Any(exampleAwsVpc.Id),
    		})
    		if err != nil {
    			return err
    		}
    		example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
    			Statements: []iam.GetPolicyDocumentStatement{
    				{
    					Effect: pulumi.StringRef("Allow"),
    					Actions: []string{
    						"logs:CreateLogGroup",
    						"logs:CreateLogStream",
    						"logs:PutLogEvents",
    						"logs:DescribeLogGroups",
    						"logs:DescribeLogStreams",
    					},
    					Resources: []string{
    						"*",
    					},
    				},
    			},
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = iam.NewRolePolicy(ctx, "example", &iam.RolePolicyArgs{
    			Name:   pulumi.String("example"),
    			Role:   exampleRole.ID(),
    			Policy: pulumi.String(example.Json),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleLogGroup = new Aws.CloudWatch.LogGroup("example", new()
        {
            Name = "example",
        });
    
        var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Principals = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                        {
                            Type = "Service",
                            Identifiers = new[]
                            {
                                "vpc-flow-logs.amazonaws.com",
                            },
                        },
                    },
                    Actions = new[]
                    {
                        "sts:AssumeRole",
                    },
                },
            },
        });
    
        var exampleRole = new Aws.Iam.Role("example", new()
        {
            Name = "example",
            AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        });
    
        var exampleFlowLog = new Aws.Ec2.FlowLog("example", new()
        {
            IamRoleArn = exampleRole.Arn,
            LogDestination = exampleLogGroup.Arn,
            TrafficType = "ALL",
            VpcId = exampleAwsVpc.Id,
        });
    
        var example = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Actions = new[]
                    {
                        "logs:CreateLogGroup",
                        "logs:CreateLogStream",
                        "logs:PutLogEvents",
                        "logs:DescribeLogGroups",
                        "logs:DescribeLogStreams",
                    },
                    Resources = new[]
                    {
                        "*",
                    },
                },
            },
        });
    
        var exampleRolePolicy = new Aws.Iam.RolePolicy("example", new()
        {
            Name = "example",
            Role = exampleRole.Id,
            Policy = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.cloudwatch.LogGroup;
    import com.pulumi.aws.cloudwatch.LogGroupArgs;
    import com.pulumi.aws.iam.IamFunctions;
    import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
    import com.pulumi.aws.iam.Role;
    import com.pulumi.aws.iam.RoleArgs;
    import com.pulumi.aws.ec2.FlowLog;
    import com.pulumi.aws.ec2.FlowLogArgs;
    import com.pulumi.aws.iam.RolePolicy;
    import com.pulumi.aws.iam.RolePolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleLogGroup = new LogGroup("exampleLogGroup", LogGroupArgs.builder()
                .name("example")
                .build());
    
            final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("Service")
                        .identifiers("vpc-flow-logs.amazonaws.com")
                        .build())
                    .actions("sts:AssumeRole")
                    .build())
                .build());
    
            var exampleRole = new Role("exampleRole", RoleArgs.builder()
                .name("example")
                .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
                .build());
    
            var exampleFlowLog = new FlowLog("exampleFlowLog", FlowLogArgs.builder()
                .iamRoleArn(exampleRole.arn())
                .logDestination(exampleLogGroup.arn())
                .trafficType("ALL")
                .vpcId(exampleAwsVpc.id())
                .build());
    
            final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .actions(                
                        "logs:CreateLogGroup",
                        "logs:CreateLogStream",
                        "logs:PutLogEvents",
                        "logs:DescribeLogGroups",
                        "logs:DescribeLogStreams")
                    .resources("*")
                    .build())
                .build());
    
            var exampleRolePolicy = new RolePolicy("exampleRolePolicy", RolePolicyArgs.builder()
                .name("example")
                .role(exampleRole.id())
                .policy(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
                .build());
    
        }
    }
    
    resources:
      exampleFlowLog:
        type: aws:ec2:FlowLog
        name: example
        properties:
          iamRoleArn: ${exampleRole.arn}
          logDestination: ${exampleLogGroup.arn}
          trafficType: ALL
          vpcId: ${exampleAwsVpc.id}
      exampleLogGroup:
        type: aws:cloudwatch:LogGroup
        name: example
        properties:
          name: example
      exampleRole:
        type: aws:iam:Role
        name: example
        properties:
          name: example
          assumeRolePolicy: ${assumeRole.json}
      exampleRolePolicy:
        type: aws:iam:RolePolicy
        name: example
        properties:
          name: example
          role: ${exampleRole.id}
          policy: ${example.json}
    variables:
      assumeRole:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                principals:
                  - type: Service
                    identifiers:
                      - vpc-flow-logs.amazonaws.com
                actions:
                  - sts:AssumeRole
      example:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                actions:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                  - logs:DescribeLogGroups
                  - logs:DescribeLogStreams
                resources:
                  - '*'
    

    Amazon Kinesis Data Firehose logging

    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.BucketV2;
    import com.pulumi.aws.s3.BucketV2Args;
    import com.pulumi.aws.iam.IamFunctions;
    import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
    import com.pulumi.aws.iam.Role;
    import com.pulumi.aws.iam.RoleArgs;
    import com.pulumi.aws.kinesis.FirehoseDeliveryStream;
    import com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;
    import com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;
    import com.pulumi.aws.ec2.FlowLog;
    import com.pulumi.aws.ec2.FlowLogArgs;
    import com.pulumi.aws.s3.BucketAclV2;
    import com.pulumi.aws.s3.BucketAclV2Args;
    import com.pulumi.aws.iam.RolePolicy;
    import com.pulumi.aws.iam.RolePolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleBucketV2 = new BucketV2("exampleBucketV2", BucketV2Args.builder()
                .bucket("example")
                .build());
    
            final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("Service")
                        .identifiers("firehose.amazonaws.com")
                        .build())
                    .actions("sts:AssumeRole")
                    .build())
                .build());
    
            var exampleRole = new Role("exampleRole", RoleArgs.builder()
                .name("firehose_test_role")
                .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
                .build());
    
            var exampleFirehoseDeliveryStream = new FirehoseDeliveryStream("exampleFirehoseDeliveryStream", FirehoseDeliveryStreamArgs.builder()
                .name("kinesis_firehose_test")
                .destination("extended_s3")
                .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()
                    .roleArn(exampleRole.arn())
                    .bucketArn(exampleBucketV2.arn())
                    .build())
                .tags(Map.of("LogDeliveryEnabled", "true"))
                .build());
    
            var exampleFlowLog = new FlowLog("exampleFlowLog", FlowLogArgs.builder()
                .logDestination(exampleFirehoseDeliveryStream.arn())
                .logDestinationType("kinesis-data-firehose")
                .trafficType("ALL")
                .vpcId(exampleAwsVpc.id())
                .build());
    
            var exampleBucketAclV2 = new BucketAclV2("exampleBucketAclV2", BucketAclV2Args.builder()
                .bucket(exampleBucketV2.id())
                .acl("private")
                .build());
    
            final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .effect("Allow")
                .actions(            
                    "logs:CreateLogDelivery",
                    "logs:DeleteLogDelivery",
                    "logs:ListLogDeliveries",
                    "logs:GetLogDelivery",
                    "firehose:TagDeliveryStream")
                .resources("*")
                .build());
    
            var exampleRolePolicy = new RolePolicy("exampleRolePolicy", RolePolicyArgs.builder()
                .name("test")
                .role(exampleRole.id())
                .policy(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
                .build());
    
        }
    }
    
    resources:
      exampleFlowLog:
        type: aws:ec2:FlowLog
        name: example
        properties:
          logDestination: ${exampleFirehoseDeliveryStream.arn}
          logDestinationType: kinesis-data-firehose
          trafficType: ALL
          vpcId: ${exampleAwsVpc.id}
      exampleFirehoseDeliveryStream:
        type: aws:kinesis:FirehoseDeliveryStream
        name: example
        properties:
          name: kinesis_firehose_test
          destination: extended_s3
          extendedS3Configuration:
            roleArn: ${exampleRole.arn}
            bucketArn: ${exampleBucketV2.arn}
          tags:
            LogDeliveryEnabled: 'true'
      exampleBucketV2:
        type: aws:s3:BucketV2
        name: example
        properties:
          bucket: example
      exampleBucketAclV2:
        type: aws:s3:BucketAclV2
        name: example
        properties:
          bucket: ${exampleBucketV2.id}
          acl: private
      exampleRole:
        type: aws:iam:Role
        name: example
        properties:
          name: firehose_test_role
          assumeRolePolicy: ${assumeRole.json}
      exampleRolePolicy:
        type: aws:iam:RolePolicy
        name: example
        properties:
          name: test
          role: ${exampleRole.id}
          policy: ${example.json}
    variables:
      assumeRole:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                principals:
                  - type: Service
                    identifiers:
                      - firehose.amazonaws.com
                actions:
                  - sts:AssumeRole
      example:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            effect: Allow
            actions:
              - logs:CreateLogDelivery
              - logs:DeleteLogDelivery
              - logs:ListLogDeliveries
              - logs:GetLogDelivery
              - firehose:TagDeliveryStream
            resources:
              - '*'
    

    S3 Logging

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const exampleBucketV2 = new aws.s3.BucketV2("example", {bucket: "example"});
    const example = new aws.ec2.FlowLog("example", {
        logDestination: exampleBucketV2.arn,
        logDestinationType: "s3",
        trafficType: "ALL",
        vpcId: exampleAwsVpc.id,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example_bucket_v2 = aws.s3.BucketV2("example", bucket="example")
    example = aws.ec2.FlowLog("example",
        log_destination=example_bucket_v2.arn,
        log_destination_type="s3",
        traffic_type="ALL",
        vpc_id=example_aws_vpc["id"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleBucketV2, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
    			Bucket: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewFlowLog(ctx, "example", &ec2.FlowLogArgs{
    			LogDestination:     exampleBucketV2.Arn,
    			LogDestinationType: pulumi.String("s3"),
    			TrafficType:        pulumi.String("ALL"),
    			VpcId:              pulumi.Any(exampleAwsVpc.Id),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleBucketV2 = new Aws.S3.BucketV2("example", new()
        {
            Bucket = "example",
        });
    
        var example = new Aws.Ec2.FlowLog("example", new()
        {
            LogDestination = exampleBucketV2.Arn,
            LogDestinationType = "s3",
            TrafficType = "ALL",
            VpcId = exampleAwsVpc.Id,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.BucketV2;
    import com.pulumi.aws.s3.BucketV2Args;
    import com.pulumi.aws.ec2.FlowLog;
    import com.pulumi.aws.ec2.FlowLogArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleBucketV2 = new BucketV2("exampleBucketV2", BucketV2Args.builder()
                .bucket("example")
                .build());
    
            var example = new FlowLog("example", FlowLogArgs.builder()
                .logDestination(exampleBucketV2.arn())
                .logDestinationType("s3")
                .trafficType("ALL")
                .vpcId(exampleAwsVpc.id())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:ec2:FlowLog
        properties:
          logDestination: ${exampleBucketV2.arn}
          logDestinationType: s3
          trafficType: ALL
          vpcId: ${exampleAwsVpc.id}
      exampleBucketV2:
        type: aws:s3:BucketV2
        name: example
        properties:
          bucket: example
    

    S3 Logging in Apache Parquet format with per-hour partitions

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const exampleBucketV2 = new aws.s3.BucketV2("example", {bucket: "example"});
    const example = new aws.ec2.FlowLog("example", {
        logDestination: exampleBucketV2.arn,
        logDestinationType: "s3",
        trafficType: "ALL",
        vpcId: exampleAwsVpc.id,
        destinationOptions: {
            fileFormat: "parquet",
            perHourPartition: true,
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example_bucket_v2 = aws.s3.BucketV2("example", bucket="example")
    example = aws.ec2.FlowLog("example",
        log_destination=example_bucket_v2.arn,
        log_destination_type="s3",
        traffic_type="ALL",
        vpc_id=example_aws_vpc["id"],
        destination_options=aws.ec2.FlowLogDestinationOptionsArgs(
            file_format="parquet",
            per_hour_partition=True,
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleBucketV2, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
    			Bucket: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewFlowLog(ctx, "example", &ec2.FlowLogArgs{
    			LogDestination:     exampleBucketV2.Arn,
    			LogDestinationType: pulumi.String("s3"),
    			TrafficType:        pulumi.String("ALL"),
    			VpcId:              pulumi.Any(exampleAwsVpc.Id),
    			DestinationOptions: &ec2.FlowLogDestinationOptionsArgs{
    				FileFormat:       pulumi.String("parquet"),
    				PerHourPartition: pulumi.Bool(true),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleBucketV2 = new Aws.S3.BucketV2("example", new()
        {
            Bucket = "example",
        });
    
        var example = new Aws.Ec2.FlowLog("example", new()
        {
            LogDestination = exampleBucketV2.Arn,
            LogDestinationType = "s3",
            TrafficType = "ALL",
            VpcId = exampleAwsVpc.Id,
            DestinationOptions = new Aws.Ec2.Inputs.FlowLogDestinationOptionsArgs
            {
                FileFormat = "parquet",
                PerHourPartition = true,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.BucketV2;
    import com.pulumi.aws.s3.BucketV2Args;
    import com.pulumi.aws.ec2.FlowLog;
    import com.pulumi.aws.ec2.FlowLogArgs;
    import com.pulumi.aws.ec2.inputs.FlowLogDestinationOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleBucketV2 = new BucketV2("exampleBucketV2", BucketV2Args.builder()
                .bucket("example")
                .build());
    
            var example = new FlowLog("example", FlowLogArgs.builder()
                .logDestination(exampleBucketV2.arn())
                .logDestinationType("s3")
                .trafficType("ALL")
                .vpcId(exampleAwsVpc.id())
                .destinationOptions(FlowLogDestinationOptionsArgs.builder()
                    .fileFormat("parquet")
                    .perHourPartition(true)
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:ec2:FlowLog
        properties:
          logDestination: ${exampleBucketV2.arn}
          logDestinationType: s3
          trafficType: ALL
          vpcId: ${exampleAwsVpc.id}
          destinationOptions:
            fileFormat: parquet
            perHourPartition: true
      exampleBucketV2:
        type: aws:s3:BucketV2
        name: example
        properties:
          bucket: example
    

    Create FlowLog Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FlowLog(name: string, args?: FlowLogArgs, opts?: CustomResourceOptions);
    @overload
    def FlowLog(resource_name: str,
                args: Optional[FlowLogArgs] = None,
                opts: Optional[ResourceOptions] = None)
    
    @overload
    def FlowLog(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                deliver_cross_account_role: Optional[str] = None,
                destination_options: Optional[FlowLogDestinationOptionsArgs] = None,
                eni_id: Optional[str] = None,
                iam_role_arn: Optional[str] = None,
                log_destination: Optional[str] = None,
                log_destination_type: Optional[str] = None,
                log_format: Optional[str] = None,
                log_group_name: Optional[str] = None,
                max_aggregation_interval: Optional[int] = None,
                subnet_id: Optional[str] = None,
                tags: Optional[Mapping[str, str]] = None,
                traffic_type: Optional[str] = None,
                transit_gateway_attachment_id: Optional[str] = None,
                transit_gateway_id: Optional[str] = None,
                vpc_id: Optional[str] = None)
    func NewFlowLog(ctx *Context, name string, args *FlowLogArgs, opts ...ResourceOption) (*FlowLog, error)
    public FlowLog(string name, FlowLogArgs? args = null, CustomResourceOptions? opts = null)
    public FlowLog(String name, FlowLogArgs args)
    public FlowLog(String name, FlowLogArgs args, CustomResourceOptions options)
    
    type: aws:ec2:FlowLog
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FlowLogArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FlowLogArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FlowLogArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FlowLogArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FlowLogArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var flowLogResource = new Aws.Ec2.FlowLog("flowLogResource", new()
    {
        DeliverCrossAccountRole = "string",
        DestinationOptions = new Aws.Ec2.Inputs.FlowLogDestinationOptionsArgs
        {
            FileFormat = "string",
            HiveCompatiblePartitions = false,
            PerHourPartition = false,
        },
        EniId = "string",
        IamRoleArn = "string",
        LogDestination = "string",
        LogDestinationType = "string",
        LogFormat = "string",
        MaxAggregationInterval = 0,
        SubnetId = "string",
        Tags = 
        {
            { "string", "string" },
        },
        TrafficType = "string",
        TransitGatewayAttachmentId = "string",
        TransitGatewayId = "string",
        VpcId = "string",
    });
    
    example, err := ec2.NewFlowLog(ctx, "flowLogResource", &ec2.FlowLogArgs{
    	DeliverCrossAccountRole: pulumi.String("string"),
    	DestinationOptions: &ec2.FlowLogDestinationOptionsArgs{
    		FileFormat:               pulumi.String("string"),
    		HiveCompatiblePartitions: pulumi.Bool(false),
    		PerHourPartition:         pulumi.Bool(false),
    	},
    	EniId:                  pulumi.String("string"),
    	IamRoleArn:             pulumi.String("string"),
    	LogDestination:         pulumi.String("string"),
    	LogDestinationType:     pulumi.String("string"),
    	LogFormat:              pulumi.String("string"),
    	MaxAggregationInterval: pulumi.Int(0),
    	SubnetId:               pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	TrafficType:                pulumi.String("string"),
    	TransitGatewayAttachmentId: pulumi.String("string"),
    	TransitGatewayId:           pulumi.String("string"),
    	VpcId:                      pulumi.String("string"),
    })
    
    var flowLogResource = new FlowLog("flowLogResource", FlowLogArgs.builder()
        .deliverCrossAccountRole("string")
        .destinationOptions(FlowLogDestinationOptionsArgs.builder()
            .fileFormat("string")
            .hiveCompatiblePartitions(false)
            .perHourPartition(false)
            .build())
        .eniId("string")
        .iamRoleArn("string")
        .logDestination("string")
        .logDestinationType("string")
        .logFormat("string")
        .maxAggregationInterval(0)
        .subnetId("string")
        .tags(Map.of("string", "string"))
        .trafficType("string")
        .transitGatewayAttachmentId("string")
        .transitGatewayId("string")
        .vpcId("string")
        .build());
    
    flow_log_resource = aws.ec2.FlowLog("flowLogResource",
        deliver_cross_account_role="string",
        destination_options=aws.ec2.FlowLogDestinationOptionsArgs(
            file_format="string",
            hive_compatible_partitions=False,
            per_hour_partition=False,
        ),
        eni_id="string",
        iam_role_arn="string",
        log_destination="string",
        log_destination_type="string",
        log_format="string",
        max_aggregation_interval=0,
        subnet_id="string",
        tags={
            "string": "string",
        },
        traffic_type="string",
        transit_gateway_attachment_id="string",
        transit_gateway_id="string",
        vpc_id="string")
    
    const flowLogResource = new aws.ec2.FlowLog("flowLogResource", {
        deliverCrossAccountRole: "string",
        destinationOptions: {
            fileFormat: "string",
            hiveCompatiblePartitions: false,
            perHourPartition: false,
        },
        eniId: "string",
        iamRoleArn: "string",
        logDestination: "string",
        logDestinationType: "string",
        logFormat: "string",
        maxAggregationInterval: 0,
        subnetId: "string",
        tags: {
            string: "string",
        },
        trafficType: "string",
        transitGatewayAttachmentId: "string",
        transitGatewayId: "string",
        vpcId: "string",
    });
    
    type: aws:ec2:FlowLog
    properties:
        deliverCrossAccountRole: string
        destinationOptions:
            fileFormat: string
            hiveCompatiblePartitions: false
            perHourPartition: false
        eniId: string
        iamRoleArn: string
        logDestination: string
        logDestinationType: string
        logFormat: string
        maxAggregationInterval: 0
        subnetId: string
        tags:
            string: string
        trafficType: string
        transitGatewayAttachmentId: string
        transitGatewayId: string
        vpcId: string
    

    FlowLog Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The FlowLog resource accepts the following input properties:

    DeliverCrossAccountRole string
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    DestinationOptions FlowLogDestinationOptions
    Describes the destination options for a flow log. More details below.
    EniId string
    Elastic Network Interface ID to attach to
    IamRoleArn string
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    LogDestination string
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    LogDestinationType string
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    LogFormat string
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    LogGroupName string
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    MaxAggregationInterval int
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    SubnetId string
    Subnet ID to attach to
    Tags Dictionary<string, string>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TrafficType string
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    TransitGatewayAttachmentId string
    Transit Gateway Attachment ID to attach to
    TransitGatewayId string
    Transit Gateway ID to attach to
    VpcId string
    VPC ID to attach to
    DeliverCrossAccountRole string
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    DestinationOptions FlowLogDestinationOptionsArgs
    Describes the destination options for a flow log. More details below.
    EniId string
    Elastic Network Interface ID to attach to
    IamRoleArn string
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    LogDestination string
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    LogDestinationType string
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    LogFormat string
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    LogGroupName string
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    MaxAggregationInterval int
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    SubnetId string
    Subnet ID to attach to
    Tags map[string]string
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TrafficType string
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    TransitGatewayAttachmentId string
    Transit Gateway Attachment ID to attach to
    TransitGatewayId string
    Transit Gateway ID to attach to
    VpcId string
    VPC ID to attach to
    deliverCrossAccountRole String
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    destinationOptions FlowLogDestinationOptions
    Describes the destination options for a flow log. More details below.
    eniId String
    Elastic Network Interface ID to attach to
    iamRoleArn String
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    logDestination String
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    logDestinationType String
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    logFormat String
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    logGroupName String
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    maxAggregationInterval Integer
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    subnetId String
    Subnet ID to attach to
    tags Map<String,String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    trafficType String
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    transitGatewayAttachmentId String
    Transit Gateway Attachment ID to attach to
    transitGatewayId String
    Transit Gateway ID to attach to
    vpcId String
    VPC ID to attach to
    deliverCrossAccountRole string
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    destinationOptions FlowLogDestinationOptions
    Describes the destination options for a flow log. More details below.
    eniId string
    Elastic Network Interface ID to attach to
    iamRoleArn string
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    logDestination string
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    logDestinationType string
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    logFormat string
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    logGroupName string
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    maxAggregationInterval number
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    subnetId string
    Subnet ID to attach to
    tags {[key: string]: string}
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    trafficType string
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    transitGatewayAttachmentId string
    Transit Gateway Attachment ID to attach to
    transitGatewayId string
    Transit Gateway ID to attach to
    vpcId string
    VPC ID to attach to
    deliver_cross_account_role str
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    destination_options FlowLogDestinationOptionsArgs
    Describes the destination options for a flow log. More details below.
    eni_id str
    Elastic Network Interface ID to attach to
    iam_role_arn str
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    log_destination str
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    log_destination_type str
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    log_format str
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    log_group_name str
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    max_aggregation_interval int
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    subnet_id str
    Subnet ID to attach to
    tags Mapping[str, str]
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    traffic_type str
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    transit_gateway_attachment_id str
    Transit Gateway Attachment ID to attach to
    transit_gateway_id str
    Transit Gateway ID to attach to
    vpc_id str
    VPC ID to attach to
    deliverCrossAccountRole String
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    destinationOptions Property Map
    Describes the destination options for a flow log. More details below.
    eniId String
    Elastic Network Interface ID to attach to
    iamRoleArn String
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    logDestination String
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    logDestinationType String
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    logFormat String
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    logGroupName String
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    maxAggregationInterval Number
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    subnetId String
    Subnet ID to attach to
    tags Map<String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    trafficType String
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    transitGatewayAttachmentId String
    Transit Gateway Attachment ID to attach to
    transitGatewayId String
    Transit Gateway ID to attach to
    vpcId String
    VPC ID to attach to

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FlowLog resource produces the following output properties:

    Arn string
    The ARN of the Flow Log.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Arn string
    The ARN of the Flow Log.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    The ARN of the Flow Log.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn string
    The ARN of the Flow Log.
    id string
    The provider-assigned unique ID for this managed resource.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn str
    The ARN of the Flow Log.
    id str
    The provider-assigned unique ID for this managed resource.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    The ARN of the Flow Log.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Look up Existing FlowLog Resource

    Get an existing FlowLog resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FlowLogState, opts?: CustomResourceOptions): FlowLog
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            deliver_cross_account_role: Optional[str] = None,
            destination_options: Optional[FlowLogDestinationOptionsArgs] = None,
            eni_id: Optional[str] = None,
            iam_role_arn: Optional[str] = None,
            log_destination: Optional[str] = None,
            log_destination_type: Optional[str] = None,
            log_format: Optional[str] = None,
            log_group_name: Optional[str] = None,
            max_aggregation_interval: Optional[int] = None,
            subnet_id: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            traffic_type: Optional[str] = None,
            transit_gateway_attachment_id: Optional[str] = None,
            transit_gateway_id: Optional[str] = None,
            vpc_id: Optional[str] = None) -> FlowLog
    func GetFlowLog(ctx *Context, name string, id IDInput, state *FlowLogState, opts ...ResourceOption) (*FlowLog, error)
    public static FlowLog Get(string name, Input<string> id, FlowLogState? state, CustomResourceOptions? opts = null)
    public static FlowLog get(String name, Output<String> id, FlowLogState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    The ARN of the Flow Log.
    DeliverCrossAccountRole string
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    DestinationOptions FlowLogDestinationOptions
    Describes the destination options for a flow log. More details below.
    EniId string
    Elastic Network Interface ID to attach to
    IamRoleArn string
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    LogDestination string
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    LogDestinationType string
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    LogFormat string
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    LogGroupName string
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    MaxAggregationInterval int
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    SubnetId string
    Subnet ID to attach to
    Tags Dictionary<string, string>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    TrafficType string
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    TransitGatewayAttachmentId string
    Transit Gateway Attachment ID to attach to
    TransitGatewayId string
    Transit Gateway ID to attach to
    VpcId string
    VPC ID to attach to
    Arn string
    The ARN of the Flow Log.
    DeliverCrossAccountRole string
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    DestinationOptions FlowLogDestinationOptionsArgs
    Describes the destination options for a flow log. More details below.
    EniId string
    Elastic Network Interface ID to attach to
    IamRoleArn string
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    LogDestination string
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    LogDestinationType string
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    LogFormat string
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    LogGroupName string
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    MaxAggregationInterval int
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    SubnetId string
    Subnet ID to attach to
    Tags map[string]string
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    TrafficType string
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    TransitGatewayAttachmentId string
    Transit Gateway Attachment ID to attach to
    TransitGatewayId string
    Transit Gateway ID to attach to
    VpcId string
    VPC ID to attach to
    arn String
    The ARN of the Flow Log.
    deliverCrossAccountRole String
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    destinationOptions FlowLogDestinationOptions
    Describes the destination options for a flow log. More details below.
    eniId String
    Elastic Network Interface ID to attach to
    iamRoleArn String
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    logDestination String
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    logDestinationType String
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    logFormat String
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    logGroupName String
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    maxAggregationInterval Integer
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    subnetId String
    Subnet ID to attach to
    tags Map<String,String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    trafficType String
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    transitGatewayAttachmentId String
    Transit Gateway Attachment ID to attach to
    transitGatewayId String
    Transit Gateway ID to attach to
    vpcId String
    VPC ID to attach to
    arn string
    The ARN of the Flow Log.
    deliverCrossAccountRole string
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    destinationOptions FlowLogDestinationOptions
    Describes the destination options for a flow log. More details below.
    eniId string
    Elastic Network Interface ID to attach to
    iamRoleArn string
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    logDestination string
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    logDestinationType string
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    logFormat string
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    logGroupName string
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    maxAggregationInterval number
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    subnetId string
    Subnet ID to attach to
    tags {[key: string]: string}
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    trafficType string
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    transitGatewayAttachmentId string
    Transit Gateway Attachment ID to attach to
    transitGatewayId string
    Transit Gateway ID to attach to
    vpcId string
    VPC ID to attach to
    arn str
    The ARN of the Flow Log.
    deliver_cross_account_role str
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    destination_options FlowLogDestinationOptionsArgs
    Describes the destination options for a flow log. More details below.
    eni_id str
    Elastic Network Interface ID to attach to
    iam_role_arn str
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    log_destination str
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    log_destination_type str
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    log_format str
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    log_group_name str
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    max_aggregation_interval int
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    subnet_id str
    Subnet ID to attach to
    tags Mapping[str, str]
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    traffic_type str
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    transit_gateway_attachment_id str
    Transit Gateway Attachment ID to attach to
    transit_gateway_id str
    Transit Gateway ID to attach to
    vpc_id str
    VPC ID to attach to
    arn String
    The ARN of the Flow Log.
    deliverCrossAccountRole String
    ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.
    destinationOptions Property Map
    Describes the destination options for a flow log. More details below.
    eniId String
    Elastic Network Interface ID to attach to
    iamRoleArn String
    The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group
    logDestination String
    The ARN of the logging destination. Either log_destination or log_group_name must be set.
    logDestinationType String
    The type of the logging destination. Valid values: cloud-watch-logs, s3, kinesis-data-firehose. Default: cloud-watch-logs.
    logFormat String
    The fields to include in the flow log record. Accepted format example: "$${interface-id} $${srcaddr} $${dstaddr} $${srcport} $${dstport}".
    logGroupName String
    Deprecated: Use log_destination instead. The name of the CloudWatch log group. Either log_group_name or log_destination must be set.

    Deprecated: use 'log_destination' argument instead

    maxAggregationInterval Number
    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600. When transit_gateway_id or transit_gateway_attachment_id is specified, max_aggregation_interval must be 60 seconds (1 minute).
    subnetId String
    Subnet ID to attach to
    tags Map<String>
    Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    trafficType String
    The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.
    transitGatewayAttachmentId String
    Transit Gateway Attachment ID to attach to
    transitGatewayId String
    Transit Gateway ID to attach to
    vpcId String
    VPC ID to attach to

    Supporting Types

    FlowLogDestinationOptions, FlowLogDestinationOptionsArgs

    FileFormat string
    The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.
    HiveCompatiblePartitions bool
    Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.
    PerHourPartition bool
    Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.
    FileFormat string
    The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.
    HiveCompatiblePartitions bool
    Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.
    PerHourPartition bool
    Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.
    fileFormat String
    The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.
    hiveCompatiblePartitions Boolean
    Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.
    perHourPartition Boolean
    Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.
    fileFormat string
    The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.
    hiveCompatiblePartitions boolean
    Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.
    perHourPartition boolean
    Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.
    file_format str
    The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.
    hive_compatible_partitions bool
    Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.
    per_hour_partition bool
    Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.
    fileFormat String
    The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.
    hiveCompatiblePartitions Boolean
    Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.
    perHourPartition Boolean
    Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.

    Import

    Using pulumi import, import Flow Logs using the id. For example:

    $ pulumi import aws:ec2/flowLog:FlowLog test_flow_log fl-1a2b3c4d
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi