software.amazon.awscdk.services.ec2

Class CfnFlowLog

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.ec2.CfnFlowLog

All Implemented Interfaces:

IConstruct, IDependable, IInspectable

@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)",
           date="2023-03-22T19:35:42.404Z")
public class CfnFlowLog
extends CfnResource
implements IInspectable

A CloudFormation `AWS::EC2::FlowLog`.

Specifies a VPC flow log that captures IP traffic for a specified network interface, subnet, or VPC. To view the log data, use Amazon CloudWatch Logs (CloudWatch Logs) to help troubleshoot connection issues. For example, you can use a flow log to investigate why certain traffic isn't reaching an instance, which can help you diagnose overly restrictive security group rules. For more information, see VPC Flow Logs in the Amazon VPC User Guide .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.ec2.*;
 Object destinationOptions;
 CfnFlowLog cfnFlowLog = CfnFlowLog.Builder.create(this, "MyCfnFlowLog")
         .resourceId("resourceId")
         .resourceType("resourceType")
         // the properties below are optional
         .deliverLogsPermissionArn("deliverLogsPermissionArn")
         .destinationOptions(destinationOptions)
         .logDestination("logDestination")
         .logDestinationType("logDestinationType")
         .logFormat("logFormat")
         .logGroupName("logGroupName")
         .maxAggregationInterval(123)
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .trafficType("trafficType")
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnFlowLog.Builder A fluent builder for CfnFlowLog.
static interface	CfnFlowLog.DestinationOptionsProperty Describes the destination options for a flow log.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnFlowLog(Construct scope, java.lang.String id, CfnFlowLogProps props) Create a new `AWS::EC2::FlowLog`.
protected	CfnFlowLog(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnFlowLog(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
java.lang.String	getAttrId() The ID of the flow log.
protected java.util.Map<java.lang.String,java.lang.Object>	getCfnProperties()
java.lang.String	getDeliverLogsPermissionArn() The ARN of the IAM role that allows Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.
java.lang.Object	getDestinationOptions() The destination options.
java.lang.String	getLogDestination() The destination for the flow log data.
java.lang.String	getLogDestinationType() The type of destination for the flow log data.
java.lang.String	getLogFormat() The fields to include in the flow log record, in the order in which they should appear.
java.lang.String	getLogGroupName() The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.
java.lang.Number	getMaxAggregationInterval() The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.
java.lang.String	getResourceId() The ID of the resource to monitor.
java.lang.String	getResourceType() The type of resource to monitor.
TagManager	getTags() The tags to apply to the flow logs.
java.lang.String	getTrafficType() The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic).
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected java.util.Map<java.lang.String,java.lang.Object>	renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
void	setDeliverLogsPermissionArn(java.lang.String value) The ARN of the IAM role that allows Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.
void	setDestinationOptions(java.lang.Object value) The destination options.
void	setLogDestination(java.lang.String value) The destination for the flow log data.
void	setLogDestinationType(java.lang.String value) The type of destination for the flow log data.
void	setLogFormat(java.lang.String value) The fields to include in the flow log record, in the order in which they should appear.
void	setLogGroupName(java.lang.String value) The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.
void	setMaxAggregationInterval(java.lang.Number value) The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.
void	setResourceId(java.lang.String value) The ID of the resource to monitor.
void	setResourceType(java.lang.String value) The type of resource to monitor.
void	setTrafficType(java.lang.String value) The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic).

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CFN_RESOURCE_TYPE_NAME

public static final java.lang.String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnFlowLog

protected CfnFlowLog(software.amazon.jsii.JsiiObjectRef objRef)

CfnFlowLog

protected CfnFlowLog(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnFlowLog

public CfnFlowLog(Construct scope,
                  java.lang.String id,
                  CfnFlowLogProps props)

Create a new `AWS::EC2::FlowLog`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

public void inspect(TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrId

public java.lang.String getAttrId()

The ID of the flow log.

For example, fl-123456abc123abc1 .

getCfnProperties

protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getTags

public TagManager getTags()

The tags to apply to the flow logs.

getDestinationOptions

public java.lang.Object getDestinationOptions()

The destination options. The following options are supported:.

• FileFormat - The format for the flow log ( plain-text | parquet ). The default is plain-text .
• HiveCompatiblePartitions - Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 ( true | false ). The default is false .
• PerHourPartition - Indicates whether to partition the flow log per hour ( true | false ). The default is false .

setDestinationOptions

public void setDestinationOptions(java.lang.Object value)

The destination options. The following options are supported:.

• FileFormat - The format for the flow log ( plain-text | parquet ). The default is plain-text .
• HiveCompatiblePartitions - Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 ( true | false ). The default is false .
• PerHourPartition - Indicates whether to partition the flow log per hour ( true | false ). The default is false .

getResourceId

public java.lang.String getResourceId()

The ID of the resource to monitor.

For example, if the resource type is VPC , specify the ID of the VPC.

setResourceId

public void setResourceId(java.lang.String value)

The ID of the resource to monitor.

For example, if the resource type is VPC , specify the ID of the VPC.

getResourceType

public java.lang.String getResourceType()

The type of resource to monitor.

setResourceType

public void setResourceType(java.lang.String value)

The type of resource to monitor.

getDeliverLogsPermissionArn

public java.lang.String getDeliverLogsPermissionArn()

The ARN of the IAM role that allows Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

This parameter is required if the destination type is cloud-watch-logs and unsupported otherwise.

setDeliverLogsPermissionArn

public void setDeliverLogsPermissionArn(java.lang.String value)

The ARN of the IAM role that allows Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

This parameter is required if the destination type is cloud-watch-logs and unsupported otherwise.

getLogDestination

public java.lang.String getLogDestination()

The destination for the flow log data. The meaning of this parameter depends on the destination type.

• If the destination type is cloud-watch-logs , specify the ARN of a CloudWatch Logs log group. For example:

arn:aws:logs: region : account_id :log-group: my_group

Alternatively, use the LogGroupName parameter.

• If the destination type is s3 , specify the ARN of an S3 bucket. For example:

arn:aws:s3::: my_bucket / my_subfolder /

The subfolder is optional. Note that you can't use AWSLogs as a subfolder name.

• If the destination type is kinesis-data-firehose , specify the ARN of a Kinesis Data Firehose delivery stream. For example:

arn:aws:firehose: region : account_id :deliverystream: my_stream

setLogDestination

public void setLogDestination(java.lang.String value)

The destination for the flow log data. The meaning of this parameter depends on the destination type.

• If the destination type is cloud-watch-logs , specify the ARN of a CloudWatch Logs log group. For example:

arn:aws:logs: region : account_id :log-group: my_group

Alternatively, use the LogGroupName parameter.

• If the destination type is s3 , specify the ARN of an S3 bucket. For example:

arn:aws:s3::: my_bucket / my_subfolder /

The subfolder is optional. Note that you can't use AWSLogs as a subfolder name.

• If the destination type is kinesis-data-firehose , specify the ARN of a Kinesis Data Firehose delivery stream. For example:

arn:aws:firehose: region : account_id :deliverystream: my_stream

getLogDestinationType

public java.lang.String getLogDestinationType()

The type of destination for the flow log data.

Default: cloud-watch-logs

setLogDestinationType

public void setLogDestinationType(java.lang.String value)

The type of destination for the flow log data.

Default: cloud-watch-logs

getLogFormat

public java.lang.String getLogFormat()

The fields to include in the flow log record, in the order in which they should appear.

If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must include at least one field. For more information about the available fields, see Flow log records in the Amazon VPC User Guide or Transit Gateway Flow Log records in the AWS Transit Gateway Guide .

Specify the fields using the ${field-id} format, separated by spaces.

setLogFormat

public void setLogFormat(java.lang.String value)

The fields to include in the flow log record, in the order in which they should appear.

If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must include at least one field. For more information about the available fields, see Flow log records in the Amazon VPC User Guide or Transit Gateway Flow Log records in the AWS Transit Gateway Guide .

Specify the fields using the ${field-id} format, separated by spaces.

getLogGroupName

public java.lang.String getLogGroupName()

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

This parameter is valid only if the destination type is cloud-watch-logs .

setLogGroupName

public void setLogGroupName(java.lang.String value)

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

This parameter is valid only if the destination type is cloud-watch-logs .

getMaxAggregationInterval

public java.lang.Number getMaxAggregationInterval()

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.

The possible values are 60 seconds (1 minute) or 600 seconds (10 minutes). This parameter must be 60 seconds for transit gateway resource types.

When a network interface is attached to a Nitro-based instance , the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

Default: 600

setMaxAggregationInterval

public void setMaxAggregationInterval(java.lang.Number value)

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.

The possible values are 60 seconds (1 minute) or 600 seconds (10 minutes). This parameter must be 60 seconds for transit gateway resource types.

When a network interface is attached to a Nitro-based instance , the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

Default: 600

getTrafficType

public java.lang.String getTrafficType()

The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic).

This parameter is not supported for transit gateway resource types. It is required for the other resource types.

setTrafficType

public void setTrafficType(java.lang.String value)

The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic).

This parameter is not supported for transit gateway resource types. It is required for the other resource types.