plus3it/terraform-aws-tardigrade-vpc-flow-log

terraform-aws-tardigrade-vpc-flow-log

Terraform module to create a VPC Flow Log

Requirements

Name Version
terraform >= 1.0.0
aws >= 5.68.0

Providers

Name Version
aws >= 5.68.0

Resources

Name Type
aws_caller_identity.this data source
aws_iam_policy_document.cloudwatch_policy data source
aws_iam_policy_document.cloudwatch_trust data source
aws_partition.this data source
aws_region.this data source

Inputs

Name: flow_log
Description: Object of attributes for managing a Flow Log
Type:

    object({
      name                 = string
      log_destination_type = string

      eni_id                        = optional(string)
      subnet_id                     = optional(string)
      transit_gateway_id            = optional(string)
      transit_gateway_attachment_id = optional(string)
      vpc_id                        = optional(string)

      deliver_cross_account_role = optional(string)
      iam_role_arn               = optional(string)
      log_destination            = optional(string)
      log_format                 = optional(string)
      max_aggregation_interval   = optional(number)
      tags                       = optional(map(string), {})
      traffic_type               = optional(string, "ALL")

      destination_options = optional(object({
        file_format                = optional(string)
        hive_compatible_partitions = optional(bool)
        per_hour_partition         = optional(bool)
      }))

      cloudwatch_log_group = optional(object({
        enable            = optional(bool, true)
        name              = optional(string)
        kms_key_id        = optional(string)
        log_group_class   = optional(string, "INFREQUENT_ACCESS")
        retention_in_days = optional(number, 30)
        skip_destroy      = optional(bool, false)
        tags              = optional(map(string), {})
      }), {})
    })

Default: n/a
Required: yes
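
An example of calling the module with the flow_log input described above; it is added here and is not taken from the module's own documentation. The resource IDs, ARNs, names and PINNED_REF are placeholders. It assumes the attributes map to the same-named arguments of the AWS provider's aws_flow_log and aws_cloudwatch_log_group resources, and that cloudwatch_log_group.enable = false skips creating the log group.

```hcl
# Added example; every ID, ARN, name and ref below is a placeholder.
# Assumption: attributes are passed through to the same-named arguments of
# aws_flow_log and aws_cloudwatch_log_group.

# VPC flow log delivered to a KMS-encrypted CloudWatch Log Group.
module "vpc_flow_log_cloudwatch" {
  # Pin the module to a reviewed tag or commit instead of tracking the default branch.
  source = "git::https://github.com/plus3it/terraform-aws-tardigrade-vpc-flow-log.git?ref=PINNED_REF"

  flow_log = {
    name                     = "example-vpc-flow-log"
    log_destination_type     = "cloud-watch-logs"
    vpc_id                   = "vpc-EXAMPLE"
    traffic_type             = "ALL" # module default: accepted and rejected flows
    max_aggregation_interval = 60    # seconds; the provider accepts 60 or 600

    cloudwatch_log_group = {
      # The key policy must allow the CloudWatch Logs service to use this key.
      kms_key_id        = "arn:aws:kms:REGION:ACCOUNT_ID:key/EXAMPLE"
      retention_in_days = 365  # module default is 30
      skip_destroy      = true # keep the log group and its data on terraform destroy
    }
  }
}

# Subnet flow log delivered to S3, with no CloudWatch Log Group.
module "subnet_flow_log_s3" {
  source = "git::https://github.com/plus3it/terraform-aws-tardigrade-vpc-flow-log.git?ref=PINNED_REF"

  flow_log = {
    name                 = "example-subnet-flow-log"
    log_destination_type = "s3"
    log_destination      = "arn:aws:s3:::EXAMPLE-flow-log-bucket"
    subnet_id            = "subnet-EXAMPLE"

    # Assumption: enable = false turns off the module-managed log group.
    cloudwatch_log_group = { enable = false }

    destination_options = {
      file_format                = "parquet"
      hive_compatible_partitions = true
      per_hour_partition         = true
    }
  }
}
```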

Outputs

Name Description
cloudwatch_log_group Object of attributes for the CloudWatch Log Group
flow_log Object of attributes for the Flow Log
iam_role Object of attributes for the IAM Role used by the Flow Log

Testing

Manual testing:

# Replace "xxx" with an actual AWS profile, then execute the integration tests.
export AWS_PROFILE=xxx 
make terraform/pytest PYTEST_ARGS="-v --nomock"

For automated testing, PYTEST_ARGS is optional and no profile is needed:

make mockstack/up
make terraform/pytest PYTEST_ARGS="-v"
make mockstack/clean