github.com/jmbataller/terraform@v0.6.8-0.20151125192640-b7a12e3a580c/website/source/docs/providers/aws/r/flow_log.html.markdown

github.com/jmbataller/terraform@v0.6.8-0.20151125192640-b7a12e3a580c/website/source/docs/providers/aws/r/flow_log.html.markdown (about)

     1  ---
     2  layout: "aws"
     3  page_title: "AWS: aws_flow_log"
     4  sidebar_current: "docs-aws-resource-flow-log"
     5  description: |-
     6    Provides a VPC/Subnet/ENI Flow Log
     7  ---
     8  
     9  # aws\_flow\_log
    10  
    11  Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a specific network
    12  interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group.
    13  
    14  ```
    15  resource "aws_flow_log" "test_flow_log" {
    16    # log_group_name needs to exist before hand
    17    # until we have a CloudWatch Log Group Resource
    18    log_group_name = "tf-test-log-group"
    19    iam_role_arn = "${aws_iam_role.test_role.arn}"
    20    vpc_id = "${aws_vpc.default.id}"
    21    traffic_type = "ALL"
    22  }
    23  
    24  resource "aws_iam_role" "test_role" {
    25      name = "test_role"
    26      assume_role_policy = <<EOF
    27  {
    28    "Version": "2012-10-17",
    29    "Statement": [
    30      {
    31        "Sid": "",
    32        "Effect": "Allow",
    33        "Principal": {
    34          "Service": "vpc-flow-logs.amazonaws.com"
    35        },
    36        "Action": "sts:AssumeRole"
    37      }
    38    ]
    39  } 
    40  EOF
    41  }
    42  
    43  resource "aws_iam_role_policy" "test_policy" {
    44      name = "test_policy"
    45      role = "${aws_iam_role.test_role.id}"
    46      policy = <<EOF
    47  {
    48    "Version": "2012-10-17",
    49    "Statement": [
    50      {
    51        "Action": [
    52          "logs:CreateLogGroup",
    53          "logs:CreateLogStream",
    54          "logs:PutLogEvents",
    55          "logs:DescribeLogGroups",
    56          "logs:DescribeLogStreams"
    57        ],
    58        "Effect": "Allow",
    59        "Resource": "*"
    60      }
    61    ]
    62  }   
    63  EOF
    64  }
    65  ```
    66  
    67  ## Argument Reference
    68  
    69  The following arguments are supported:
    70  
    71  * `log_group_name` - (Required) The name of the CloudWatch log group
    72  * `iam_role_arn` - (Required) The ARN for the IAM role that's used to post flow
    73    logs to a CloudWatch Logs log group
    74  * `vpc_id` - (Optional) VPC ID to attach to
    75  * `subnet_id` - (Optional) Subnet ID to attach to
    76  * `eni_id` - (Optional) Elastic Network Interface ID to attach to
    77  * `traffic_type` - (Required) The type of traffic to capture. Valid values:
    78    `ACCEPT`,`REJECT`, `ALL`
    79  
    80  ## Attributes Reference
    81  
    82  The following attributes are exported:
    83  
    84  * `id` - The Flow Log ID