From 51b52807ab90b49fefeded6bc4f83cb09b5741b4 Mon Sep 17 00:00:00 2001
From: Robby Ho
Date: Fri, 23 Oct 2015 14:50:38 -0700
Subject: [PATCH] Issue #1 - Add aws flow log creation to base module

---
 base/main.tf | 23 +++++++++++++++++++++++
 base/outputs.tf | 4 ++++
 2 files changed, 27 insertions(+)

diff --git a/base/main.tf b/base/main.tf
index 2d33f4f..866bf5e 100644
--- a/base/main.tf
+++ b/base/main.tf
@@ -59,3 +59,26 @@ resource "aws_security_group" "nat_sg" {
 cidr_blocks = ["0.0.0.0/0"]
 }
 }
+
+# Provision aws_flow_log with reasonable initial settings
+
+resource "aws_cloudwatch_log_group" "flow_log_group" {
+ name = "${var.stack_item_label}FlowLogGroup"
+}
+
+module "flow_log_iam_role" {
+ source = "../../terraform-aws-iam/iam_role"
+
+ rolename = "${var.stack_item_label}FlowLogRole"
+ service = "vpc-flow-logs.amazonaws.com"
+ actions = "logs:CreateLogGroup,logs:CreateLogStream,logs:PutLogEvents,logs:DescribeLogGroups,logs:DescribeLogStreams"
+ action_privs = "Allow,Allow,Allow,Allow,Allow"
+ resources = "*,*,*,*,*"
+}
+
+resource "aws_flow_log" "flow_log" {
+ log_group_name = "${var.stack_item_label}FlowLogGroup"
+ iam_role_arn = "${module.flow_log_iam_role.role_arn}"
+ vpc_id = "${aws_vpc.vpc.id}"
+ traffic_type = "ALL"
+}
diff --git a/base/outputs.tf b/base/outputs.tf
index a2411fd..ef258f5 100644
--- a/base/outputs.tf
+++ b/base/outputs.tf
@@ -19,3 +19,7 @@ output "rt_dmz_id" {
 output "nat_sg_id" {
 value = "${aws_security_group.nat_sg.id}"
 }
+
+output "flow_log_id" {
+ value = "${aws_flow_log.flow_log.id}"
+}
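Review bot: The IAM policy built by the `flow_log_iam_role` module block grants all five `logs:` actions on `resources = "*,*,*,*,*"`, so the flow-log role can create and write into any log group in the account instead of only `flow_log_group`. Because Terraform creates the group itself in `aws_cloudwatch_log_group.flow_log_group`, `logs:CreateLogGroup` is not needed, and the remaining actions can be scoped to that group's ARN and its streams, e.g. `resources = "${aws_cloudwatch_log_group.flow_log_group.arn},${aws_cloudwatch_log_group.flow_log_group.arn}:*,..."` — assuming the module's comma-split interface accepts a per-action resource, as its five entries suggest, and that the provider version in use exposes `arn` on the log group. Separately, `aws_flow_log.flow_log` repeats the literal `log_group_name = "${var.stack_item_label}FlowLogGroup"` rather than referencing `"${aws_cloudwatch_log_group.flow_log_group.name}"`, so Terraform sees no dependency between the two resources and may create the flow log before the group exists; the reference fixes both the ordering and the duplicated name. Consider also setting `retention_in_days` on the log group, if the provider supports it, so retention of this security telemetry is a deliberate choice rather than indefinite by default.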