FlowLogProps

class aws_cdk.aws_ec2.FlowLogProps(*, destination=None, traffic_type=None, resource_type, flow_log_name=None)

Bases: FlowLogOptions

Properties of a VPC Flow Log.

Parameters:
  • destination (Optional[FlowLogDestination]) – Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3. Default: FlowLogDestinationType.toCloudWatchLogs()

  • traffic_type (Optional[FlowLogTrafficType]) – The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic. Default: ALL

  • resource_type (FlowLogResourceType) – The type of resource for which to create the flow log.

  • flow_log_name (Optional[str]) – The name of the FlowLog. It is not recommended to use an explicit name. Default: If you don’t specify a flowLogName, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.

Example:

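from aws_cdk import aws_ec2 as ec2, aws_iam as iam, aws_logs as logs

# Runs inside a Stack or Construct (self); vpc is an existing VPC.
# vpc: ec2.Vpc

# Log group that receives the flow log records.
log_group = logs.LogGroup(self, "MyCustomLogGroup")

# Role that the VPC Flow Logs service assumes to publish to the log group.
role = iam.Role(self, "MyCustomRole",
    assumed_by=iam.ServicePrincipal("vpc-flow-logs.amazonaws.com")
)

# Flow log for the whole VPC, delivered to CloudWatch Logs using the role above.
ec2.FlowLog(self, "FlowLog",
    resource_type=ec2.FlowLogResourceType.from_vpc(vpc),
    destination=ec2.FlowLogDestination.to_cloud_watch_logs(log_group, role)
)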
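
A deployment-time check to go with these properties, as an added example that is not part of the CDK documentation: it audits a synthesized CloudFormation template (for instance the JSON that `cdk synth` writes) and reports VPCs that have no flow log, or whose flow logs capture only accepted or only rejected traffic. The template and its logical IDs are constructed sample data, the function name is hypothetical, and the `AWS::EC2::FlowLog` property names are the CloudFormation ones.

```python
# Added example: audit a synthesized template for VPC flow log coverage.
# SAMPLE_TEMPLATE is constructed sample data; its logical IDs are hypothetical.
SAMPLE_TEMPLATE = {
    "Resources": {
        "AppVpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
        "DataVpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.1.0.0/16"}},
        "LabVpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.2.0.0/16"}},
        "AppVpcFlowLog": {
            "Type": "AWS::EC2::FlowLog",
            "Properties": {"ResourceType": "VPC", "ResourceId": {"Ref": "AppVpc"},
                           "TrafficType": "ALL", "LogDestinationType": "cloud-watch-logs"},
        },
        "DataVpcFlowLog": {
            "Type": "AWS::EC2::FlowLog",
            "Properties": {"ResourceType": "VPC", "ResourceId": {"Ref": "DataVpc"},
                           "TrafficType": "ACCEPT", "LogDestinationType": "s3"},
        },
    }
}


def audit_flow_logs(template):
    """Return {vpc_logical_id: finding} for VPCs with missing or partial flow logging."""
    resources = template.get("Resources", {})
    vpcs = [name for name, res in resources.items() if res.get("Type") == "AWS::EC2::VPC"]
    logged = {}  # VPC logical ID -> set of traffic types captured by its flow logs
    for res in resources.values():
        if res.get("Type") != "AWS::EC2::FlowLog":
            continue
        props = res.get("Properties", {})
        target = props.get("ResourceId")
        # Only VPC-level flow logs that reference a VPC declared in this template.
        if props.get("ResourceType") == "VPC" and isinstance(target, dict) and "Ref" in target:
            logged.setdefault(target["Ref"], set()).add(props.get("TrafficType", "unset"))
    findings = {}
    for vpc in vpcs:
        types = logged.get(vpc)
        if not types:
            findings[vpc] = "no flow log"
        elif "ALL" not in types and not {"ACCEPT", "REJECT"} <= types:
            findings[vpc] = "partial traffic: " + ",".join(sorted(types))
    return findings


if __name__ == "__main__":
    for vpc, finding in audit_flow_logs(SAMPLE_TEMPLATE).items():
        print(f"{vpc}: {finding}")
```

Flow logs attached to subnets or network interfaces, and VPCs imported from outside the template, are outside what this check covers.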

Attributes

destination

Specifies the type of destination to which the flow log data is to be published.

Flow log data can be published to CloudWatch Logs or Amazon S3.

Default:

FlowLogDestinationType.toCloudWatchLogs()

flow_log_name

The name of the FlowLog.

It is not recommended to use an explicit name.

Default:

If you don’t specify a flowLogName, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.

resource_type

The type of resource for which to create the flow log.

traffic_type

The type of traffic to log.

You can log traffic that the resource accepts or rejects, or all traffic.

Default:

ALL