software.amazon.awscdk.services.ec2

Class CfnFlowLog

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.ec2.CfnFlowLog

All Implemented Interfaces:

IConstruct, IDependable, IInspectable

@Generated(value="jsii-pacmak/1.58.0 (build f8ba112)",
           date="2022-05-13T01:13:32.321Z")
public class CfnFlowLog
extends CfnResource
implements IInspectable

A CloudFormation `AWS::EC2::FlowLog`.

Specifies a VPC flow log that captures IP traffic for a specified network interface, subnet, or VPC. To view the log data, use Amazon CloudWatch Logs (CloudWatch Logs) to help troubleshoot connection issues. For example, you can use a flow log to investigate why certain traffic isn't reaching an instance, which can help you diagnose overly restrictive security group rules. For more information, see VPC Flow Logs in the Amazon VPC User Guide .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.ec2.*;
 Object destinationOptions;
 CfnFlowLog cfnFlowLog = CfnFlowLog.Builder.create(this, "MyCfnFlowLog")
         .resourceId("resourceId")
         .resourceType("resourceType")
         .trafficType("trafficType")
         // the properties below are optional
         .deliverLogsPermissionArn("deliverLogsPermissionArn")
         .destinationOptions(destinationOptions)
         .logDestination("logDestination")
         .logDestinationType("logDestinationType")
         .logFormat("logFormat")
         .logGroupName("logGroupName")
         .maxAggregationInterval(123)
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnFlowLog.Builder A fluent builder for CfnFlowLog.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnFlowLog(Construct scope, java.lang.String id, CfnFlowLogProps props) Create a new `AWS::EC2::FlowLog`.
protected	CfnFlowLog(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnFlowLog(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
java.lang.String	getAttrId() The ID of the flow log.
protected java.util.Map<java.lang.String,java.lang.Object>	getCfnProperties()
java.lang.String	getDeliverLogsPermissionArn() The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.
java.lang.Object	getDestinationOptions() The destination options.
java.lang.String	getLogDestination() The destination to which the flow log data is to be published.
java.lang.String	getLogDestinationType() The type of destination to which the flow log data is to be published.
java.lang.String	getLogFormat() The fields to include in the flow log record, in the order in which they should appear.
java.lang.String	getLogGroupName() The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.
java.lang.Number	getMaxAggregationInterval() The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.
java.lang.String	getResourceId() The ID of the subnet, network interface, or VPC for which you want to create a flow log.
java.lang.String	getResourceType() The type of resource for which to create the flow log.
TagManager	getTags() The tags to apply to the flow logs.
java.lang.String	getTrafficType() The type of traffic to log.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected java.util.Map<java.lang.String,java.lang.Object>	renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
void	setDeliverLogsPermissionArn(java.lang.String value) The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.
void	setDestinationOptions(java.lang.Object value) The destination options.
void	setLogDestination(java.lang.String value) The destination to which the flow log data is to be published.
void	setLogDestinationType(java.lang.String value) The type of destination to which the flow log data is to be published.
void	setLogFormat(java.lang.String value) The fields to include in the flow log record, in the order in which they should appear.
void	setLogGroupName(java.lang.String value) The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.
void	setMaxAggregationInterval(java.lang.Number value) The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.
void	setResourceId(java.lang.String value) The ID of the subnet, network interface, or VPC for which you want to create a flow log.
void	setResourceType(java.lang.String value) The type of resource for which to create the flow log.
void	setTrafficType(java.lang.String value) The type of traffic to log.

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CFN_RESOURCE_TYPE_NAME

public static final java.lang.String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnFlowLog

protected CfnFlowLog(software.amazon.jsii.JsiiObjectRef objRef)

CfnFlowLog

protected CfnFlowLog(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnFlowLog

public CfnFlowLog(Construct scope,
                  java.lang.String id,
                  CfnFlowLogProps props)

Create a new `AWS::EC2::FlowLog`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

public void inspect(TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrId

public java.lang.String getAttrId()

The ID of the flow log.

For example, fl-123456abc123abc1 .

getCfnProperties

protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getTags

public TagManager getTags()

The tags to apply to the flow logs.

getDestinationOptions

public java.lang.Object getDestinationOptions()

The destination options. The following options are supported:.

• FileFormat - The format for the flow log ( plain-text | parquet ). The default is plain-text .
• HiveCompatiblePartitions - Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 ( true | false ). The default is false .
• PerHourPartition - Indicates whether to partition the flow log per hour ( true | false ). The default is false .

setDestinationOptions

public void setDestinationOptions(java.lang.Object value)

The destination options. The following options are supported:.

• FileFormat - The format for the flow log ( plain-text | parquet ). The default is plain-text .
• HiveCompatiblePartitions - Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 ( true | false ). The default is false .
• PerHourPartition - Indicates whether to partition the flow log per hour ( true | false ). The default is false .

getResourceId

public java.lang.String getResourceId()

The ID of the subnet, network interface, or VPC for which you want to create a flow log.

setResourceId

public void setResourceId(java.lang.String value)

The ID of the subnet, network interface, or VPC for which you want to create a flow log.

getResourceType

public java.lang.String getResourceType()

The type of resource for which to create the flow log.

For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.

setResourceType

public void setResourceType(java.lang.String value)

The type of resource for which to create the flow log.

For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.

getTrafficType

public java.lang.String getTrafficType()

The type of traffic to log.

You can log traffic that the resource accepts or rejects, or all traffic.

setTrafficType

public void setTrafficType(java.lang.String value)

The type of traffic to log.

You can log traffic that the resource accepts or rejects, or all traffic.

getDeliverLogsPermissionArn

public java.lang.String getDeliverLogsPermissionArn()

The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

setDeliverLogsPermissionArn

public void setDeliverLogsPermissionArn(java.lang.String value)

The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

getLogDestination

public java.lang.String getLogDestination()

The destination to which the flow log data is to be published.

Flow log data can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The value specified for this parameter depends on the value specified for LogDestinationType .

If LogDestinationType is not specified or cloud-watch-logs , specify the Amazon Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish to a log group called my-logs , specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs . Alternatively, use LogGroupName instead.

If LogDestinationType is s3 , specify the ARN of the Amazon S3 bucket. You can also specify a subfolder in the bucket. To specify a subfolder in the bucket, use the following ARN format: bucket_ARN/subfolder_name/ . For example, to specify a subfolder named my-logs in a bucket named my-bucket , use the following ARN: arn:aws:s3:::my-bucket/my-logs/ . You cannot use AWSLogs as a subfolder name. This is a reserved term.

setLogDestination

public void setLogDestination(java.lang.String value)

The destination to which the flow log data is to be published.

Flow log data can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The value specified for this parameter depends on the value specified for LogDestinationType .

If LogDestinationType is not specified or cloud-watch-logs , specify the Amazon Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish to a log group called my-logs , specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs . Alternatively, use LogGroupName instead.

If LogDestinationType is s3 , specify the ARN of the Amazon S3 bucket. You can also specify a subfolder in the bucket. To specify a subfolder in the bucket, use the following ARN format: bucket_ARN/subfolder_name/ . For example, to specify a subfolder named my-logs in a bucket named my-bucket , use the following ARN: arn:aws:s3:::my-bucket/my-logs/ . You cannot use AWSLogs as a subfolder name. This is a reserved term.

getLogDestinationType

public java.lang.String getLogDestinationType()

The type of destination to which the flow log data is to be published.

Flow log data can be published to CloudWatch Logs or Amazon S3. To publish flow log data to CloudWatch Logs, specify cloud-watch-logs . To publish flow log data to Amazon S3, specify s3 .

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

Default: cloud-watch-logs

setLogDestinationType

public void setLogDestinationType(java.lang.String value)

The type of destination to which the flow log data is to be published.

Flow log data can be published to CloudWatch Logs or Amazon S3. To publish flow log data to CloudWatch Logs, specify cloud-watch-logs . To publish flow log data to Amazon S3, specify s3 .

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

Default: cloud-watch-logs

getLogFormat

public java.lang.String getLogFormat()

The fields to include in the flow log record, in the order in which they should appear.

For a list of available fields, see Flow Log Records . If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must specify at least one field.

Specify the fields using the ${field-id} format, separated by spaces.

setLogFormat

public void setLogFormat(java.lang.String value)

The fields to include in the flow log record, in the order in which they should appear.

For a list of available fields, see Flow Log Records . If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must specify at least one field.

Specify the fields using the ${field-id} format, separated by spaces.

getLogGroupName

public java.lang.String getLogGroupName()

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

setLogGroupName

public void setLogGroupName(java.lang.String value)

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

getMaxAggregationInterval

public java.lang.Number getMaxAggregationInterval()

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.

You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).

When a network interface is attached to a Nitro-based instance , the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

Default: 600

setMaxAggregationInterval

public void setMaxAggregationInterval(java.lang.Number value)

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.

You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).

When a network interface is attached to a Nitro-based instance , the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

Default: 600