Package software.amazon.awscdk.services.ec2

Class CfnFlowLog

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.CfnElement
software.amazon.awscdk.core.CfnRefElement
software.amazon.awscdk.core.CfnResource
software.amazon.awscdk.services.ec2.CfnFlowLog
All Implemented Interfaces:
IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:38.560Z") @Stability(Stable) public class CfnFlowLog extends CfnResource implements IInspectable
A CloudFormation AWS::EC2::FlowLog.

Specifies a VPC flow log that captures IP traffic for a specified network interface, subnet, or VPC. To view the log data, use Amazon CloudWatch Logs (CloudWatch Logs) to help troubleshoot connection issues. For example, you can use a flow log to investigate why certain traffic isn't reaching an instance, which can help you diagnose overly restrictive security group rules. For more information, see VPC Flow Logs in the Amazon VPC User Guide .

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.ec2.*;
 Object destinationOptions;
 CfnFlowLog cfnFlowLog = CfnFlowLog.Builder.create(this, "MyCfnFlowLog")
         .resourceId("resourceId")
         .resourceType("resourceType")
         // the properties below are optional
         .deliverLogsPermissionArn("deliverLogsPermissionArn")
         .destinationOptions(destinationOptions)
         .logDestination("logDestination")
         .logDestinationType("logDestinationType")
         .logFormat("logFormat")
         .logGroupName("logGroupName")
         .maxAggregationInterval(123)
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .trafficType("trafficType")
         .build();

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnFlowLog

      protected CfnFlowLog(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnFlowLog

      protected CfnFlowLog(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnFlowLog

      @Stability(Stable) public CfnFlowLog(@NotNull Construct scope, @NotNull String id, @NotNull CfnFlowLogProps props)
      Create a new AWS::EC2::FlowLog.

      Parameters:
      scope -
      • scope in which this resource is defined.
      This parameter is required.
      id -
      • scoped id of the resource.
      This parameter is required.
      props -
      • resource properties.
      This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector -
      • tree inspector to collect and process attributes.
      This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrId

      @Stability(Stable) @NotNull public String getAttrId()
      The ID of the flow log.

      For example, fl-123456abc123abc1 .

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getTags

      @Stability(Stable) @NotNull public TagManager getTags()
      The tags to apply to the flow logs.

    • getDestinationOptions

      @Stability(Stable) @NotNull public Object getDestinationOptions()
      The destination options. The following options are supported:.

      • FileFormat - The format for the flow log ( plain-text | parquet ). The default is plain-text .
      • HiveCompatiblePartitions - Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 ( true | false ). The default is false .
      • PerHourPartition - Indicates whether to partition the flow log per hour ( true | false ). The default is false .

    • setDestinationOptions

      @Stability(Stable) public void setDestinationOptions(@NotNull Object value)
      The destination options. The following options are supported:.

      • FileFormat - The format for the flow log ( plain-text | parquet ). The default is plain-text .
      • HiveCompatiblePartitions - Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 ( true | false ). The default is false .
      • PerHourPartition - Indicates whether to partition the flow log per hour ( true | false ). The default is false .

    • getResourceId

      @Stability(Stable) @NotNull public String getResourceId()
      The ID of the resource to monitor.

      For example, if the resource type is VPC , specify the ID of the VPC.

    • setResourceId

      @Stability(Stable) public void setResourceId(@NotNull String value)
      The ID of the resource to monitor.

      For example, if the resource type is VPC , specify the ID of the VPC.

    • getResourceType

      @Stability(Stable) @NotNull public String getResourceType()
      The type of resource to monitor.

    • setResourceType

      @Stability(Stable) public void setResourceType(@NotNull String value)
      The type of resource to monitor.

    • getDeliverLogsPermissionArn

      @Stability(Stable) @Nullable public String getDeliverLogsPermissionArn()
      The ARN of the IAM role that allows Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

      This parameter is required if the destination type is cloud-watch-logs and unsupported otherwise.

    • setDeliverLogsPermissionArn

      @Stability(Stable) public void setDeliverLogsPermissionArn(@Nullable String value)
      The ARN of the IAM role that allows Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

      This parameter is required if the destination type is cloud-watch-logs and unsupported otherwise.

    • getLogDestination

      @Stability(Stable) @Nullable public String getLogDestination()
      The destination for the flow log data. The meaning of this parameter depends on the destination type.

      • If the destination type is cloud-watch-logs , specify the ARN of a CloudWatch Logs log group. For example:

      arn:aws:logs: region : account_id :log-group: my_group

      Alternatively, use the LogGroupName parameter.

      • If the destination type is s3 , specify the ARN of an S3 bucket. For example:

      arn:aws:s3::: my_bucket / my_subfolder /

      The subfolder is optional. Note that you can't use AWSLogs as a subfolder name.

      • If the destination type is kinesis-data-firehose , specify the ARN of a Kinesis Data Firehose delivery stream. For example:

      arn:aws:firehose: region : account_id :deliverystream: my_stream

    • setLogDestination

      @Stability(Stable) public void setLogDestination(@Nullable String value)
      The destination for the flow log data. The meaning of this parameter depends on the destination type.

      • If the destination type is cloud-watch-logs , specify the ARN of a CloudWatch Logs log group. For example:

      arn:aws:logs: region : account_id :log-group: my_group

      Alternatively, use the LogGroupName parameter.

      • If the destination type is s3 , specify the ARN of an S3 bucket. For example:

      arn:aws:s3::: my_bucket / my_subfolder /

      The subfolder is optional. Note that you can't use AWSLogs as a subfolder name.

      • If the destination type is kinesis-data-firehose , specify the ARN of a Kinesis Data Firehose delivery stream. For example:

      arn:aws:firehose: region : account_id :deliverystream: my_stream

    • getLogDestinationType

      @Stability(Stable) @Nullable public String getLogDestinationType()
      The type of destination for the flow log data.

      Default: cloud-watch-logs

    • setLogDestinationType

      @Stability(Stable) public void setLogDestinationType(@Nullable String value)
      The type of destination for the flow log data.

      Default: cloud-watch-logs

    • getLogFormat

      @Stability(Stable) @Nullable public String getLogFormat()
      The fields to include in the flow log record, in the order in which they should appear.

      If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must include at least one field. For more information about the available fields, see Flow log records in the Amazon VPC User Guide or Transit Gateway Flow Log records in the AWS Transit Gateway Guide .

      Specify the fields using the ${field-id} format, separated by spaces.

    • setLogFormat

      @Stability(Stable) public void setLogFormat(@Nullable String value)
      The fields to include in the flow log record, in the order in which they should appear.

      If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must include at least one field. For more information about the available fields, see Flow log records in the Amazon VPC User Guide or Transit Gateway Flow Log records in the AWS Transit Gateway Guide .

      Specify the fields using the ${field-id} format, separated by spaces.

    • getLogGroupName

      @Stability(Stable) @Nullable public String getLogGroupName()
      The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

      This parameter is valid only if the destination type is cloud-watch-logs .

    • setLogGroupName

      @Stability(Stable) public void setLogGroupName(@Nullable String value)
      The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

      This parameter is valid only if the destination type is cloud-watch-logs .

    • getMaxAggregationInterval

      @Stability(Stable) @Nullable public Number getMaxAggregationInterval()
      The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.

      The possible values are 60 seconds (1 minute) or 600 seconds (10 minutes). This parameter must be 60 seconds for transit gateway resource types.

      When a network interface is attached to a Nitro-based instance , the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

      Default: 600

    • setMaxAggregationInterval

      @Stability(Stable) public void setMaxAggregationInterval(@Nullable Number value)
      The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.

      The possible values are 60 seconds (1 minute) or 600 seconds (10 minutes). This parameter must be 60 seconds for transit gateway resource types.

      When a network interface is attached to a Nitro-based instance , the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

      Default: 600

    • getTrafficType

      @Stability(Stable) @Nullable public String getTrafficType()
      The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic).

      This parameter is not supported for transit gateway resource types. It is required for the other resource types.

    • setTrafficType

      @Stability(Stable) public void setTrafficType(@Nullable String value)
      The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic).

      This parameter is not supported for transit gateway resource types. It is required for the other resource types.