Terraform module to create a VPC Flow Log
Manual testing:
# Replace "xxx" with an actual AWS profile, then execute the integration tests.
export AWS_PROFILE=xxx
make terraform/pytest PYTEST_ARGS="-v --nomock"
For automated testing, PYTEST_ARGS is optional and no profile is needed:
make mockstack/up
make terraform/pytest PYTEST_ARGS="-v"
make mockstack/clean
| Name | Version |
|---|---|
| terraform | >= 0.12 |
| Name | Version |
|---|---|
| aws | n/a |
| Name | Type |
|---|---|
| aws_iam_policy_document.role | data source |
| aws_iam_policy_document.trust | data source |
| aws_partition.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| iam_role_arn | (Optional) ARN for the IAM role to attach to the flow log. If blank, a minimal role will be created | string |
null |
no |
| log_destination | (Optional) The ARN of the logging destination. | string |
null |
no |
| log_destination_type | Controls whether to create the VPC Flow Log with a cloud-watch-logs or s3 bucket destination |
string |
null |
no |
| log_format | (Optional) The fields to include in the flow log record, in the order in which they should appear. | string |
null |
no |
| log_group_name | (Optional) Name to assign to the CloudWatch Log Group. If blank, will use /aws/vpc/flow-log/$${var.vpc_id} |
string |
null |
no |
| tags | A map of tags to add to the CloudWatch Log Group for the VPC Flow Log | map(string) |
{} |
no |
| vpc_id | VPC ID for which the VPC Flow Log will be created | string |
null |
no |
| Name | Description |
|---|---|
| flow_log_id | The ID of the VPC Flow Log |
| iam_role_arn | ARN of the IAM Role for the VPC Flow Log |
| iam_role_name | Name of the IAM Role for the VPC Flow Log |
| iam_role_unique_id | Unique ID of the IAM Role for the VPC Flow Log |
| log_group_arn | ARN of the Log Group for the VPC Flow Log |