terraform-aws-vpcflowlogs

Configure VPC flow logs for one or more VPCs. Supports creating a KMS key and S3 bucket or using an existing bucket. Useful when shipping flow logs to a separate account. Note that the KMS key and S3 bucket will need to have the appropriate policies in place to accept logs from another account. See terraform-aws-vpcflowlog-bucket for a suitable example.

Example:

module "vpcflowlogs" {
  #source         = "git::https://github.com/rhythmictech/terraform-aws-vpcflowlogs.git"
  logging_bucket     = "example-s3-access-logs-bucket"
  region             = "us-east-1"
  tags               = local.tags
  vpc_ids            = ["vpc-1234567890"]
}

Using an external key/bucket:

module "vpcflowlogs" {
  #source         = "git::https://github.com/rhythmictech/terraform-aws-vpcflowlogs.git"
  create_bucket      = false
  create_kms_key     = false
  region             = "us-east-1"
  tags               = local.tags
  vpc_ids            = ["vpc-1234567890"]
  vpcflowlog_bucket  = "example-s3-vpcflowlogs-bucket"
  vpcflowlog_kms_key = "arn:aws:kms:us-east-1:123456789012:key/..."
}

Requirements

Name	Version
terraform	>= 0.13.4

Providers

Name	Version
aws	4.17.1

Modules

No modules.

Resources

Name	Type
aws_cloudwatch_log_group.this	resource
aws_flow_log.cloudwatch	resource
aws_flow_log.s3	resource
aws_iam_policy.this	resource
aws_iam_role.this	resource
aws_iam_role_policy_attachment.vpcflowlog-attach-localconfig-policy	resource
aws_kms_alias.this	resource
aws_kms_key.this	resource
aws_s3_bucket.this	resource
aws_s3_bucket_policy.vpcflowlog_bucket_policy	resource
aws_s3_bucket_public_access_block.this	resource
aws_caller_identity.current	data source
aws_iam_policy_document.assume	data source
aws_iam_policy_document.key	data source
aws_iam_policy_document.this	data source
aws_partition.current	data source

Inputs

Name	Description	Type	Default	Required
create_bucket	Create S3 bucket to receive VPC flow logs? `vpcflowlog_bucket` must be specified if this is false.	`bool`	`true`	no
create_kms_key	Create KMS key to encrypt flow logs? `vpcflowlog_kms_key` must be specified if this is false.	`bool`	`true`	no
kms_alias	KMS Key Alias for VPC flow log KMS key	`string`	`"vpcflowlog_key"`	no
log_to_cloudwatch	Should VPC flow logs be written to CloudWatch Logs	`bool`	`true`	no
log_to_s3	Should VPC flow logs be written to S3	`bool`	`true`	no
logging_bucket	S3 bucket to send request logs to the VPC flow log bucket to (required if `create_bucket` is true)	`string`	`""`	no
region	Region VPC flow logs will be sent to	`string`	n/a	yes
tags	Tags to include on resources that support it	`map(string)`	`{}`	no
vpc_ids	List of VPCs to enable flow logging for	`list(string)`	n/a	yes
vpcflowlog_bucket	S3 bucket to receive VPC flow logs (required it `create_bucket` is false)	`string`	`""`	no
vpcflowlog_kms_key	KMS key to use for VPC flow log encryption (required it `create_kms_key` is false)	`string`	`""`	no

Outputs

Name	Description
kms_key_id	KMS key
s3_bucket_name	The name of the bucket flow logs are routing to

Related Projects

VPC Flow Log Bucket

rhythmictech / terraform-aws-vpcflowlogs Goto Github PK

terraform-aws-vpcflowlogs's Introduction

terraform-aws-vpcflowlogs

Requirements

Providers

Modules

Resources

Inputs

Outputs

Related Projects

terraform-aws-vpcflowlogs's People

Contributors

Stargazers

Watchers

Forkers

terraform-aws-vpcflowlogs's Issues

[BUG] cloudwatch logging not working correctly

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent