---
layout: "aws"
page_title: "AWS: aws_flow_log"
sidebar_current: "docs-aws-resource-flow-log"
description: |-
  Provides a VPC/Subnet/ENI Flow Log
---

# aws\_flow\_log

Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a specific network
interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group.

```
resource "aws_flow_log" "test_flow_log" {
  log_group_name = "${aws_cloudwatch_log_group.test_log_group.name}"
  iam_role_arn   = "${aws_iam_role.test_role.arn}"
  vpc_id         = "${aws_vpc.default.id}"
  traffic_type   = "ALL"
}

resource "aws_cloudwatch_log_group" "test_log_group" {
  name = "test_log_group"
}

resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "vpc-flow-logs.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "test_policy" {
  name = "test_policy"
  role = "${aws_iam_role.test_role.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}
```

## Argument Reference

The following arguments are supported:

* `log_group_name` - (Required) The name of the CloudWatch log group
* `iam_role_arn` - (Required) The ARN for the IAM role that's used to post flow
  logs to a CloudWatch Logs log group
* `vpc_id` - (Optional) VPC ID to attach to
* `subnet_id` - (Optional) Subnet ID to attach to
* `eni_id` - (Optional) Elastic Network Interface ID to attach to
* `traffic_type` - (Required) The type of traffic to capture. Valid values:
  `ACCEPT`, `REJECT`, `ALL`

## Attributes Reference

The following attributes are exported:

* `id` - The Flow Log ID

## Import

Flow Logs can be imported using the `id`, e.g.

```
$ terraform import aws_flow_log.test_flow_log fl-1a2b3c4d
```
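
The `test_policy` in the example configuration above allows its CloudWatch Logs actions on `"Resource": "*"`, so the flow-log role can write to every log group in the account. The variant below is an added example, not part of the original Terraform documentation: it replaces that resource and scopes the write actions to the one log group the flow log uses. It assumes the `arn` attribute exported by `aws_cloudwatch_log_group` ends in `:*` (so it also matches the group's log streams) and that the log group is always created by Terraform, which is why `logs:CreateLogGroup` is dropped.

```hcl
# Added example, not from the Terraform documentation: a drop-in replacement
# for aws_iam_role_policy.test_policy that limits the flow-log role to the
# single log group it delivers to.
resource "aws_iam_role_policy" "test_policy" {
  name = "test_policy"
  role = "${aws_iam_role.test_role.id}"

  # Assumption: the exported log group ARN ends in ":*" and therefore matches
  # the group's log streams. If your provider version exports the ARN without
  # that suffix, append ":*" to the interpolation below.
  #
  # logs:CreateLogGroup is omitted on the assumption that the group is managed
  # by the aws_cloudwatch_log_group resource and already exists.
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "WriteFlowLogStreams",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Resource": "${aws_cloudwatch_log_group.test_log_group.arn}"
    },
    {
      "Sid": "ListLogGroups",
      "Effect": "Allow",
      "Action": "logs:DescribeLogGroups",
      "Resource": "*"
    }
  ]
}
EOF
}
```

After applying, confirm that new log streams still appear in `test_log_group`; an access error in the flow log's delivery status means the scoped ARN does not match the streams.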