Class FlowLog

Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a specific network interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group or an S3 bucket.

Example Usage

CloudWatch Logging

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // VPC to monitor (the CIDR block is a placeholder for this example).
        var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
        {
            CidrBlock = "10.0.0.0/16",
        });

        // Log group that receives the flow log records.
        var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
        {
        });

        // Role assumed by the VPC Flow Logs service to publish records.
        var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Sid"": """",
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""vpc-flow-logs.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRole""
    }
  ]
}
",
        });

        // Capture accepted and rejected traffic for the whole VPC.
        var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
        {
            IamRoleArn = exampleRole.Arn,
            LogDestination = exampleLogGroup.Arn,
            TrafficType = "ALL",
            VpcId = exampleVpc.Id,
        });

        // Inline policy that lets the role write to CloudWatch Logs.
        // Resource "*" applies these actions to every log group in the account.
        var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""logs:CreateLogGroup"",
        ""logs:CreateLogStream"",
        ""logs:PutLogEvents"",
        ""logs:DescribeLogGroups"",
        ""logs:DescribeLogStreams""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}
",
            Role = exampleRole.Id,
        });
    }
}

S3 Logging

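using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // VPC to monitor (the CIDR block is a placeholder for this example).
        var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
        {
            CidrBlock = "10.0.0.0/16",
        });

        // Bucket that receives the flow log files.
        var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
        {
        });

        // With an S3 destination no IamRoleArn is set; LogDestinationType must be "s3".
        var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
        {
            LogDestination = exampleBucket.Arn,
            LogDestinationType = "s3",
            TrafficType = "ALL",
            VpcId = exampleVpc.Id,
        });
    }
}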
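
The two examples above leave LogFormat and MaxAggregationInterval at their defaults. The following added example (not part of the Pulumi documentation) sets both on an S3-backed flow log and encrypts the destination bucket at rest; the resource names, the 10.0.0.0/16 CIDR and the chosen field list are assumptions.

```csharp
using Pulumi;
using Aws = Pulumi.Aws;

class FlowLogToS3Stack : Stack
{
    public FlowLogToS3Stack()
    {
        // Assumed VPC so the example is self-contained; the CIDR is a placeholder.
        var vpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
        {
            CidrBlock = "10.0.0.0/16",
        });

        // Destination bucket: private ACL and default SSE-S3 encryption.
        var bucket = new Aws.S3.Bucket("flowLogBucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
            ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs
            {
                Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs
                {
                    ApplyServerSideEncryptionByDefault =
                        new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs
                        {
                            SseAlgorithm = "AES256",
                        },
                },
            },
        });

        // Flow log for the whole VPC, accepted and rejected traffic.
        var flowLog = new Aws.Ec2.FlowLog("vpcFlowLog", new Aws.Ec2.FlowLogArgs
        {
            VpcId = vpc.Id,
            LogDestinationType = "s3",
            LogDestination = bucket.Arn,
            TrafficType = "ALL",
            // 60 seconds instead of the default 600: finer-grained records.
            MaxAggregationInterval = 60,
            // Default fields plus pkt-srcaddr/pkt-dstaddr (original packet addresses
            // when traffic passes through an intermediate interface) and tcp-flags.
            LogFormat = "${version} ${account-id} ${vpc-id} ${subnet-id} ${instance-id} ${interface-id} " +
                "${srcaddr} ${dstaddr} ${pkt-srcaddr} ${pkt-dstaddr} ${srcport} ${dstport} " +
                "${protocol} ${tcp-flags} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}",
        });
    }
}
```
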
Inheritance
System.Object
Resource
CustomResource
FlowLog
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.Ec2
Assembly: Pulumi.Aws.dll
Syntax
public class FlowLog : CustomResource

Constructors

FlowLog(String, FlowLogArgs, CustomResourceOptions)

Create a FlowLog resource with the given unique name, arguments, and options.

Declaration
public FlowLog(string name, FlowLogArgs args, CustomResourceOptions options = null)
Parameters
Type | Name | Description
System.String | name | The unique name of the resource
FlowLogArgs | args | The arguments used to populate this resource's properties
CustomResourceOptions | options | A bag of options that control this resource's behavior

Properties

EniId

Elastic Network Interface ID to attach to

Declaration
public Output<string> EniId { get; }
Property Value
Type Description
Output<System.String>

IamRoleArn

The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group

Declaration
public Output<string> IamRoleArn { get; }
Property Value
Type Description
Output<System.String>

LogDestination

The ARN of the logging destination.

Declaration
public Output<string> LogDestination { get; }
Property Value
Type Description
Output<System.String>

LogDestinationType

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

Declaration
public Output<string> LogDestinationType { get; }
Property Value
Type Description
Output<System.String>

LogFormat

The fields to include in the flow log record, in the order in which they should appear.

Declaration
public Output<string> LogFormat { get; }
Property Value
Type Description
Output<System.String>

LogGroupName

Deprecated: Use log_destination instead. The name of the CloudWatch log group.

Declaration
public Output<string> LogGroupName { get; }
Property Value
Type Description
Output<System.String>

MaxAggregationInterval

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

Declaration
public Output<int?> MaxAggregationInterval { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>

SubnetId

Subnet ID to attach to

Declaration
public Output<string> SubnetId { get; }
Property Value
Type Description
Output<System.String>

Tags

Key-value map of resource tags

Declaration
public Output<ImmutableDictionary<string, object>> Tags { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>>

TrafficType

The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL.

Declaration
public Output<string> TrafficType { get; }
Property Value
Type Description
Output<System.String>

VpcId

VPC ID to attach to

Declaration
public Output<string> VpcId { get; }
Property Value
Type Description
Output<System.String>

Methods

Get(String, Input<String>, FlowLogState, CustomResourceOptions)

Get an existing FlowLog resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static FlowLog Get(string name, Input<string> id, FlowLogState state = null, CustomResourceOptions options = null)
Parameters
Type | Name | Description
System.String | name | The unique name of the resulting resource.
Input<System.String> | id | The unique provider ID of the resource to look up.
FlowLogState | state | Any extra arguments used during the lookup.
CustomResourceOptions | options | A bag of options that control this resource's behavior

Returns
Type Description
FlowLog
Copyright 2016-2020, Pulumi Corporation.