AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.10.0 published on Monday, Jul 11, 2022 by Pulumi

FlowLog

Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a specific network interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group or a S3 Bucket.

Example Usage

CloudWatch Logging

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
        {
        });
        var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Sid"": """",
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""vpc-flow-logs.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRole""
    }
  ]
}
",
        });
        var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
        {
            IamRoleArn = exampleRole.Arn,
            LogDestination = exampleLogGroup.Arn,
            TrafficType = "ALL",
            VpcId = aws_vpc.Example.Id,
        });
        var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Role = exampleRole.Id,
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""logs:CreateLogGroup"",
        ""logs:CreateLogStream"",
        ""logs:PutLogEvents"",
        ""logs:DescribeLogGroups"",
        ""logs:DescribeLogStreams""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}
",
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cloudwatch"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "exampleLogGroup", nil)
		if err != nil {
			return err
		}
		exampleRole, err := iam.NewRole(ctx, "exampleRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.Any(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Sid\": \"\",\n", "      \"Effect\": \"Allow\",\n", "      \"Principal\": {\n", "        \"Service\": \"vpc-flow-logs.amazonaws.com\"\n", "      },\n", "      \"Action\": \"sts:AssumeRole\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		_, err = ec2.NewFlowLog(ctx, "exampleFlowLog", &ec2.FlowLogArgs{
			IamRoleArn:     exampleRole.Arn,
			LogDestination: exampleLogGroup.Arn,
			TrafficType:    pulumi.String("ALL"),
			VpcId:          pulumi.Any(aws_vpc.Example.Id),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicy(ctx, "exampleRolePolicy", &iam.RolePolicyArgs{
			Role:   exampleRole.ID(),
			Policy: pulumi.Any(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": [\n", "        \"logs:CreateLogGroup\",\n", "        \"logs:CreateLogStream\",\n", "        \"logs:PutLogEvents\",\n", "        \"logs:DescribeLogGroups\",\n", "        \"logs:DescribeLogStreams\"\n", "      ],\n", "      \"Effect\": \"Allow\",\n", "      \"Resource\": \"*\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleLogGroup = new LogGroup("exampleLogGroup");

        var exampleRole = new Role("exampleRole", RoleArgs.builder()        
            .assumeRolePolicy("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "vpc-flow-logs.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
            """)
            .build());

        var exampleFlowLog = new FlowLog("exampleFlowLog", FlowLogArgs.builder()        
            .iamRoleArn(exampleRole.arn())
            .logDestination(exampleLogGroup.arn())
            .trafficType("ALL")
            .vpcId(aws_vpc.example().id())
            .build());

        var exampleRolePolicy = new RolePolicy("exampleRolePolicy", RolePolicyArgs.builder()        
            .role(exampleRole.id())
            .policy("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
            """)
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example_log_group = aws.cloudwatch.LogGroup("exampleLogGroup")
example_role = aws.iam.Role("exampleRole", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "vpc-flow-logs.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
""")
example_flow_log = aws.ec2.FlowLog("exampleFlowLog",
    iam_role_arn=example_role.arn,
    log_destination=example_log_group.arn,
    traffic_type="ALL",
    vpc_id=aws_vpc["example"]["id"])
example_role_policy = aws.iam.RolePolicy("exampleRolePolicy",
    role=example_role.id,
    policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
""")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLogGroup = new aws.cloudwatch.LogGroup("exampleLogGroup", {});
const exampleRole = new aws.iam.Role("exampleRole", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "vpc-flow-logs.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
`});
const exampleFlowLog = new aws.ec2.FlowLog("exampleFlowLog", {
    iamRoleArn: exampleRole.arn,
    logDestination: exampleLogGroup.arn,
    trafficType: "ALL",
    vpcId: aws_vpc.example.id,
});
const exampleRolePolicy = new aws.iam.RolePolicy("exampleRolePolicy", {
    role: exampleRole.id,
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
});
resources:
  exampleFlowLog:
    type: aws:ec2:FlowLog
    properties:
      iamRoleArn: ${exampleRole.arn}
      logDestination: ${exampleLogGroup.arn}
      trafficType: ALL
      vpcId: ${aws_vpc.example.id}
  exampleLogGroup:
    type: aws:cloudwatch:LogGroup
  exampleRole:
    type: aws:iam:Role
    properties:
      assumeRolePolicy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "",
              "Effect": "Allow",
              "Principal": {
                "Service": "vpc-flow-logs.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        }        
  exampleRolePolicy:
    type: aws:iam:RolePolicy
    properties:
      role: ${exampleRole.id}
      policy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams"
              ],
              "Effect": "Allow",
              "Resource": "*"
            }
          ]
        }        

S3 Logging

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleBucketV2 = new Aws.S3.BucketV2("exampleBucketV2", new Aws.S3.BucketV2Args
        {
        });
        var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
        {
            LogDestination = exampleBucketV2.Arn,
            LogDestinationType = "s3",
            TrafficType = "ALL",
            VpcId = aws_vpc.Example.Id,
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleBucketV2, err := s3.NewBucketV2(ctx, "exampleBucketV2", nil)
		if err != nil {
			return err
		}
		_, err = ec2.NewFlowLog(ctx, "exampleFlowLog", &ec2.FlowLogArgs{
			LogDestination:     exampleBucketV2.Arn,
			LogDestinationType: pulumi.String("s3"),
			TrafficType:        pulumi.String("ALL"),
			VpcId:              pulumi.Any(aws_vpc.Example.Id),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleBucketV2 = new BucketV2("exampleBucketV2");

        var exampleFlowLog = new FlowLog("exampleFlowLog", FlowLogArgs.builder()        
            .logDestination(exampleBucketV2.arn())
            .logDestinationType("s3")
            .trafficType("ALL")
            .vpcId(aws_vpc.example().id())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example_bucket_v2 = aws.s3.BucketV2("exampleBucketV2")
example_flow_log = aws.ec2.FlowLog("exampleFlowLog",
    log_destination=example_bucket_v2.arn,
    log_destination_type="s3",
    traffic_type="ALL",
    vpc_id=aws_vpc["example"]["id"])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleBucketV2 = new aws.s3.BucketV2("exampleBucketV2", {});
const exampleFlowLog = new aws.ec2.FlowLog("exampleFlowLog", {
    logDestination: exampleBucketV2.arn,
    logDestinationType: "s3",
    trafficType: "ALL",
    vpcId: aws_vpc.example.id,
});
resources:
  exampleFlowLog:
    type: aws:ec2:FlowLog
    properties:
      logDestination: ${exampleBucketV2.arn}
      logDestinationType: s3
      trafficType: ALL
      vpcId: ${aws_vpc.example.id}
  exampleBucketV2:
    type: aws:s3:BucketV2

S3 Logging in Apache Parquet format with per-hour partitions

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleBucketV2 = new Aws.S3.BucketV2("exampleBucketV2", new Aws.S3.BucketV2Args
        {
        });
        var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
        {
            LogDestination = exampleBucketV2.Arn,
            LogDestinationType = "s3",
            TrafficType = "ALL",
            VpcId = aws_vpc.Example.Id,
            DestinationOptions = new Aws.Ec2.Inputs.FlowLogDestinationOptionsArgs
            {
                FileFormat = "parquet",
                PerHourPartition = true,
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleBucketV2, err := s3.NewBucketV2(ctx, "exampleBucketV2", nil)
		if err != nil {
			return err
		}
		_, err = ec2.NewFlowLog(ctx, "exampleFlowLog", &ec2.FlowLogArgs{
			LogDestination:     exampleBucketV2.Arn,
			LogDestinationType: pulumi.String("s3"),
			TrafficType:        pulumi.String("ALL"),
			VpcId:              pulumi.Any(aws_vpc.Example.Id),
			DestinationOptions: &ec2.FlowLogDestinationOptionsArgs{
				FileFormat:       pulumi.String("parquet"),
				PerHourPartition: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleBucketV2 = new BucketV2("exampleBucketV2");

        var exampleFlowLog = new FlowLog("exampleFlowLog", FlowLogArgs.builder()        
            .logDestination(exampleBucketV2.arn())
            .logDestinationType("s3")
            .trafficType("ALL")
            .vpcId(aws_vpc.example().id())
            .destinationOptions(FlowLogDestinationOptionsArgs.builder()
                .fileFormat("parquet")
                .perHourPartition(true)
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example_bucket_v2 = aws.s3.BucketV2("exampleBucketV2")
example_flow_log = aws.ec2.FlowLog("exampleFlowLog",
    log_destination=example_bucket_v2.arn,
    log_destination_type="s3",
    traffic_type="ALL",
    vpc_id=aws_vpc["example"]["id"],
    destination_options=aws.ec2.FlowLogDestinationOptionsArgs(
        file_format="parquet",
        per_hour_partition=True,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleBucketV2 = new aws.s3.BucketV2("exampleBucketV2", {});
const exampleFlowLog = new aws.ec2.FlowLog("exampleFlowLog", {
    logDestination: exampleBucketV2.arn,
    logDestinationType: "s3",
    trafficType: "ALL",
    vpcId: aws_vpc.example.id,
    destinationOptions: {
        fileFormat: "parquet",
        perHourPartition: true,
    },
});
resources:
  exampleFlowLog:
    type: aws:ec2:FlowLog
    properties:
      logDestination: ${exampleBucketV2.arn}
      logDestinationType: s3
      trafficType: ALL
      vpcId: ${aws_vpc.example.id}
      destinationOptions:
        fileFormat: parquet
        perHourPartition: true
  exampleBucketV2:
    type: aws:s3:BucketV2

Create a FlowLog Resource

new FlowLog(name: string, args: FlowLogArgs, opts?: CustomResourceOptions);
@overload
def FlowLog(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            destination_options: Optional[FlowLogDestinationOptionsArgs] = None,
            eni_id: Optional[str] = None,
            iam_role_arn: Optional[str] = None,
            log_destination: Optional[str] = None,
            log_destination_type: Optional[str] = None,
            log_format: Optional[str] = None,
            log_group_name: Optional[str] = None,
            max_aggregation_interval: Optional[int] = None,
            subnet_id: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            traffic_type: Optional[str] = None,
            vpc_id: Optional[str] = None)
@overload
def FlowLog(resource_name: str,
            args: FlowLogArgs,
            opts: Optional[ResourceOptions] = None)
func NewFlowLog(ctx *Context, name string, args FlowLogArgs, opts ...ResourceOption) (*FlowLog, error)
public FlowLog(string name, FlowLogArgs args, CustomResourceOptions? opts = null)
public FlowLog(String name, FlowLogArgs args)
public FlowLog(String name, FlowLogArgs args, CustomResourceOptions options)
type: aws:ec2:FlowLog
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args FlowLogArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FlowLogArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FlowLogArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FlowLogArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args FlowLogArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

FlowLog Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FlowLog resource accepts the following input properties:

TrafficType string

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

DestinationOptions Pulumi.Aws.Ec2.Inputs.FlowLogDestinationOptionsArgs

Describes the destination options for a flow log. More details below.

EniId string

Elastic Network Interface ID to attach to

IamRoleArn string

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

LogDestination string

The ARN of the logging destination.

LogDestinationType string

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

LogFormat string

The fields to include in the flow log record, in the order in which they should appear.

LogGroupName string

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

MaxAggregationInterval int

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

SubnetId string

Subnet ID to attach to

Tags Dictionary<string, string>

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

VpcId string

VPC ID to attach to

TrafficType string

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

DestinationOptions FlowLogDestinationOptionsArgs

Describes the destination options for a flow log. More details below.

EniId string

Elastic Network Interface ID to attach to

IamRoleArn string

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

LogDestination string

The ARN of the logging destination.

LogDestinationType string

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

LogFormat string

The fields to include in the flow log record, in the order in which they should appear.

LogGroupName string

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

MaxAggregationInterval int

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

SubnetId string

Subnet ID to attach to

Tags map[string]string

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

VpcId string

VPC ID to attach to

trafficType String

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

destinationOptions FlowLogDestinationOptionsArgs

Describes the destination options for a flow log. More details below.

eniId String

Elastic Network Interface ID to attach to

iamRoleArn String

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

logDestination String

The ARN of the logging destination.

logDestinationType String

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

logFormat String

The fields to include in the flow log record, in the order in which they should appear.

logGroupName String

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

maxAggregationInterval Integer

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

subnetId String

Subnet ID to attach to

tags Map<String,String>

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpcId String

VPC ID to attach to

trafficType string

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

destinationOptions FlowLogDestinationOptionsArgs

Describes the destination options for a flow log. More details below.

eniId string

Elastic Network Interface ID to attach to

iamRoleArn string

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

logDestination string

The ARN of the logging destination.

logDestinationType string

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

logFormat string

The fields to include in the flow log record, in the order in which they should appear.

logGroupName string

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

maxAggregationInterval number

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

subnetId string

Subnet ID to attach to

tags {[key: string]: string}

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpcId string

VPC ID to attach to

traffic_type str

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

destination_options FlowLogDestinationOptionsArgs

Describes the destination options for a flow log. More details below.

eni_id str

Elastic Network Interface ID to attach to

iam_role_arn str

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

log_destination str

The ARN of the logging destination.

log_destination_type str

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

log_format str

The fields to include in the flow log record, in the order in which they should appear.

log_group_name str

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

max_aggregation_interval int

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

subnet_id str

Subnet ID to attach to

tags Mapping[str, str]

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpc_id str

VPC ID to attach to

trafficType String

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

destinationOptions Property Map

Describes the destination options for a flow log. More details below.

eniId String

Elastic Network Interface ID to attach to

iamRoleArn String

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

logDestination String

The ARN of the logging destination.

logDestinationType String

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

logFormat String

The fields to include in the flow log record, in the order in which they should appear.

logGroupName String

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

maxAggregationInterval Number

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

subnetId String

Subnet ID to attach to

tags Map<String>

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpcId String

VPC ID to attach to

Outputs

All input properties are implicitly available as output properties. Additionally, the FlowLog resource produces the following output properties:

Arn string

The ARN of the Flow Log.

Id string

The provider-assigned unique ID for this managed resource.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider .

Arn string

The ARN of the Flow Log.

Id string

The provider-assigned unique ID for this managed resource.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider .

arn String

The ARN of the Flow Log.

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider .

arn string

The ARN of the Flow Log.

id string

The provider-assigned unique ID for this managed resource.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider .

arn str

The ARN of the Flow Log.

id str

The provider-assigned unique ID for this managed resource.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider .

arn String

The ARN of the Flow Log.

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider .

Look up an Existing FlowLog Resource

Get an existing FlowLog resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FlowLogState, opts?: CustomResourceOptions): FlowLog
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        destination_options: Optional[FlowLogDestinationOptionsArgs] = None,
        eni_id: Optional[str] = None,
        iam_role_arn: Optional[str] = None,
        log_destination: Optional[str] = None,
        log_destination_type: Optional[str] = None,
        log_format: Optional[str] = None,
        log_group_name: Optional[str] = None,
        max_aggregation_interval: Optional[int] = None,
        subnet_id: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        traffic_type: Optional[str] = None,
        vpc_id: Optional[str] = None) -> FlowLog
func GetFlowLog(ctx *Context, name string, id IDInput, state *FlowLogState, opts ...ResourceOption) (*FlowLog, error)
public static FlowLog Get(string name, Input<string> id, FlowLogState? state, CustomResourceOptions? opts = null)
public static FlowLog get(String name, Output<String> id, FlowLogState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

The ARN of the Flow Log.

DestinationOptions Pulumi.Aws.Ec2.Inputs.FlowLogDestinationOptionsArgs

Describes the destination options for a flow log. More details below.

EniId string

Elastic Network Interface ID to attach to

IamRoleArn string

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

LogDestination string

The ARN of the logging destination.

LogDestinationType string

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

LogFormat string

The fields to include in the flow log record, in the order in which they should appear.

LogGroupName string

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

MaxAggregationInterval int

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

SubnetId string

Subnet ID to attach to

Tags Dictionary<string, string>

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider .

TrafficType string

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

VpcId string

VPC ID to attach to

Arn string

The ARN of the Flow Log.

DestinationOptions FlowLogDestinationOptionsArgs

Describes the destination options for a flow log. More details below.

EniId string

Elastic Network Interface ID to attach to

IamRoleArn string

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

LogDestination string

The ARN of the logging destination.

LogDestinationType string

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

LogFormat string

The fields to include in the flow log record, in the order in which they should appear.

LogGroupName string

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

MaxAggregationInterval int

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

SubnetId string

Subnet ID to attach to

Tags map[string]string

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider .

TrafficType string

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

VpcId string

VPC ID to attach to

arn String

The ARN of the Flow Log.

destinationOptions FlowLogDestinationOptionsArgs

Describes the destination options for a flow log. More details below.

eniId String

Elastic Network Interface ID to attach to

iamRoleArn String

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

logDestination String

The ARN of the logging destination.

logDestinationType String

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

logFormat String

The fields to include in the flow log record, in the order in which they should appear.

logGroupName String

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

maxAggregationInterval Integer

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

subnetId String

Subnet ID to attach to

tags Map<String,String>

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider .

trafficType String

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

vpcId String

VPC ID to attach to

arn string

The ARN of the Flow Log.

destinationOptions FlowLogDestinationOptionsArgs

Describes the destination options for a flow log. More details below.

eniId string

Elastic Network Interface ID to attach to

iamRoleArn string

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

logDestination string

The ARN of the logging destination.

logDestinationType string

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

logFormat string

The fields to include in the flow log record, in the order in which they should appear.

logGroupName string

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

maxAggregationInterval number

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

subnetId string

Subnet ID to attach to

tags {[key: string]: string}

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider .

trafficType string

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

vpcId string

VPC ID to attach to

arn str

The ARN of the Flow Log.

destination_options FlowLogDestinationOptionsArgs

Describes the destination options for a flow log. More details below.

eni_id str

Elastic Network Interface ID to attach to

iam_role_arn str

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

log_destination str

The ARN of the logging destination.

log_destination_type str

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

log_format str

The fields to include in the flow log record, in the order in which they should appear.

log_group_name str

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

max_aggregation_interval int

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

subnet_id str

Subnet ID to attach to

tags Mapping[str, str]

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider .

traffic_type str

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

vpc_id str

VPC ID to attach to

arn String

The ARN of the Flow Log.

destinationOptions Property Map

Describes the destination options for a flow log. More details below.

eniId String

Elastic Network Interface ID to attach to

iamRoleArn String

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

logDestination String

The ARN of the logging destination.

logDestinationType String

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

logFormat String

The fields to include in the flow log record, in the order in which they should appear.

logGroupName String

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Deprecated:

use 'log_destination' argument instead

maxAggregationInterval Number

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

subnetId String

Subnet ID to attach to

tags Map<String>

Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider .

trafficType String

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

vpcId String

VPC ID to attach to

Supporting Types

FlowLogDestinationOptions

FileFormat string

The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.

HiveCompatiblePartitions bool

Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.

PerHourPartition bool

Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.

FileFormat string

The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.

HiveCompatiblePartitions bool

Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.

PerHourPartition bool

Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.

fileFormat String

The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.

hiveCompatiblePartitions Boolean

Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.

perHourPartition Boolean

Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.

fileFormat string

The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.

hiveCompatiblePartitions boolean

Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.

perHourPartition boolean

Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.

file_format str

The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.

hive_compatible_partitions bool

Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.

per_hour_partition bool

Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.

fileFormat String

The format for the flow log. Default value: plain-text. Valid values: plain-text, parquet.

hiveCompatiblePartitions Boolean

Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: false.

perHourPartition Boolean

Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: false.

Import

Flow Logs can be imported using the id, e.g.,

 $ pulumi import aws:ec2/flowLog:FlowLog test_flow_log fl-1a2b3c4d

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.