class LogFormat

Language	Type name
.NET	`Amazon.CDK.AWS.EC2.LogFormat`
Go	`github.com/aws/aws-cdk-go/awscdk/v2/awsec2#LogFormat`
Java	`software.amazon.awscdk.services.ec2.LogFormat`
Python	`aws_cdk.aws_ec2.LogFormat`
TypeScript (source)	`aws-cdk-lib` » `aws_ec2` » `LogFormat`

The following table describes all of the available fields for a flow log record.

Example

const vpc = new ec2.Vpc(this, 'Vpc');

vpc.addFlowLog('FlowLog', {
  logFormat: [
    ec2.LogFormat.DST_PORT,
    ec2.LogFormat.SRC_PORT,
  ],
});

// If you just want to add a field to the default field
vpc.addFlowLog('FlowLog', {
  logFormat: [
    ec2.LogFormat.VERSION,
    ec2.LogFormat.ALL_DEFAULT_FIELDS,
  ],
});

// If AWS CDK does not support the new fields
vpc.addFlowLog('FlowLog', {
  logFormat: [
    ec2.LogFormat.SRC_PORT,
    ec2.LogFormat.custom('${new-field}'),
  ],
});

Initializer (protected)

super(value: string)

Parameters

value string

Properties

Name	Type	Description
value	`string`
static ACCOUNT_ID	`LogFormat`	The AWS account ID of the owner of the source network interface for which traffic is recorded.
static ACTION	`LogFormat`	The action that is associated with the traffic.
static ALL_DEFAULT_FIELDS	`LogFormat`	The default format.
static AZ_ID	`LogFormat`	The ID of the Availability Zone that contains the network interface for which traffic is recorded.
static BYTES	`LogFormat`	The number of bytes transferred during the flow.
static DST_ADDR	`LogFormat`	The destination address for outgoing traffic, or the IPv4 or IPv6 address of the network interface for incoming traffic on the network interface.
static DST_PORT	`LogFormat`	The destination port of the traffic.
static ECS_CLUSTER_ARN	`LogFormat`	AWS Resource Name (ARN) of the ECS cluster if the traffic is from a running ECS task.
static ECS_CLUSTER_NAME	`LogFormat`	Name of the ECS cluster if the traffic is from a running ECS task.
static ECS_CONTAINER_ID	`LogFormat`	Docker runtime ID of the container if the traffic is from a running ECS task.
static ECS_CONTAINER_INSTANCE_ARN	`LogFormat`	ARN of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.
static ECS_CONTAINER_INSTANCE_ID	`LogFormat`	ID of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.
static ECS_SECOND_CONTAINER_ID	`LogFormat`	Docker runtime ID of the container if the traffic is from a running ECS task.
static ECS_SERVICE_NAME	`LogFormat`	Name of the ECS service if the traffic is from a running ECS task and the ECS task is started by an ECS service.
static ECS_TASK_ARN	`LogFormat`	ARN of the ECS task if the traffic is from a running ECS task.
static ECS_TASK_DEFINITION_ARN	`LogFormat`	ARN of the ECS task definition if the traffic is from a running ECS task.
static ECS_TASK_ID	`LogFormat`	ID of the ECS task if the traffic is from a running ECS task.
static END_TIMESTAMP	`LogFormat`	The time, in Unix seconds, when the last packet of the flow was received within the aggregation interval.
static FLOW_DIRECTION	`LogFormat`	The direction of the flow with respect to the interface where traffic is captured.
static INSTANCE_ID	`LogFormat`	The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you.
static INTERFACE_ID	`LogFormat`	The ID of the network interface for which the traffic is recorded.
static LOG_STATUS	`LogFormat`	The logging status of the flow log.
static PACKETS	`LogFormat`	The number of packets transferred during the flow.
static PKT_DST_ADDR	`LogFormat`	The packet-level (original) destination IP address for the traffic.
static PKT_DST_AWS_SERVICE	`LogFormat`	The name of the subset of IP address ranges for the pkt-dstaddr field, if the destination IP address is for an AWS service.
static PKT_SRC_ADDR	`LogFormat`	The packet-level (original) source IP address of the traffic.
static PKT_SRC_AWS_SERVICE	`LogFormat`	The name of the subset of IP address ranges for the pkt-srcaddr field, if the source IP address is for an AWS service.
static PROTOCOL	`LogFormat`	The IANA protocol number of the traffic.
static REGION	`LogFormat`	The Region that contains the network interface for which traffic is recorded.
static SRC_ADDR	`LogFormat`	The source address for incoming traffic, or the IPv4 or IPv6 address of the network interface for outgoing traffic on the network interface.
static SRC_PORT	`LogFormat`	The source port of the traffic.
static START_TIMESTAMP	`LogFormat`	The time, in Unix seconds, when the first packet of the flow was received within the aggregation interval.
static SUBLOCATION_ID	`LogFormat`	The ID of the sublocation that contains the network interface for which traffic is recorded.
static SUBLOCATION_TYPE	`LogFormat`	The type of sublocation that's returned in the sublocation-id field.
static SUBNET_ID	`LogFormat`	The ID of the subnet that contains the network interface for which the traffic is recorded.
static TCP_FLAGS	`LogFormat`	The bitmask value for TCP flags.
static TRAFFIC_PATH	`LogFormat`	The path that egress traffic takes to the destination.
static TRAFFIC_TYPE	`LogFormat`	The type of traffic.
static VERSION	`LogFormat`	The VPC Flow Logs version.
static VPC_ID	`LogFormat`	The ID of the VPC that contains the network interface for which the traffic is recorded.

value

Type: string

static ACCOUNT_ID

Type: LogFormat

The AWS account ID of the owner of the source network interface for which traffic is recorded.

static ACTION

Type: LogFormat

The action that is associated with the traffic.

static ALL_DEFAULT_FIELDS

Type: LogFormat

The default format.

static AZ_ID

Type: LogFormat

The ID of the Availability Zone that contains the network interface for which traffic is recorded.

static BYTES

Type: LogFormat

The number of bytes transferred during the flow.

static DST_ADDR

Type: LogFormat

The destination address for outgoing traffic, or the IPv4 or IPv6 address of the network interface for incoming traffic on the network interface.

static DST_PORT

Type: LogFormat

The destination port of the traffic.

static ECS_CLUSTER_ARN

Type: LogFormat

AWS Resource Name (ARN) of the ECS cluster if the traffic is from a running ECS task.

static ECS_CLUSTER_NAME

Type: LogFormat

Name of the ECS cluster if the traffic is from a running ECS task.

static ECS_CONTAINER_ID

Type: LogFormat

Docker runtime ID of the container if the traffic is from a running ECS task.

If there is one container or more in the ECS task, this will be the docker runtime ID of the first container.

static ECS_CONTAINER_INSTANCE_ARN

Type: LogFormat

ARN of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.

static ECS_CONTAINER_INSTANCE_ID

Type: LogFormat

ID of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.

static ECS_SECOND_CONTAINER_ID

Type: LogFormat

Docker runtime ID of the container if the traffic is from a running ECS task.

If there is more than one container in the ECS task, this will be the Docker runtime ID of the second container.

static ECS_SERVICE_NAME

Type: LogFormat

Name of the ECS service if the traffic is from a running ECS task and the ECS task is started by an ECS service.

static ECS_TASK_ARN

Type: LogFormat

ARN of the ECS task if the traffic is from a running ECS task.

static ECS_TASK_DEFINITION_ARN

Type: LogFormat

ARN of the ECS task definition if the traffic is from a running ECS task.

static ECS_TASK_ID

Type: LogFormat

ID of the ECS task if the traffic is from a running ECS task.

static END_TIMESTAMP

Type: LogFormat

The time, in Unix seconds, when the last packet of the flow was received within the aggregation interval.

This might be up to 60 seconds after the packet was transmitted or received on the network interface.

static FLOW_DIRECTION

Type: LogFormat

The direction of the flow with respect to the interface where traffic is captured.

static INSTANCE_ID

Type: LogFormat

The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you.

Returns a '-' symbol for a requester-managed network interface; for example, the network interface for a NAT gateway

static INTERFACE_ID

Type: LogFormat

The ID of the network interface for which the traffic is recorded.

static LOG_STATUS

Type: LogFormat

The logging status of the flow log.

static PACKETS

Type: LogFormat

The number of packets transferred during the flow.

static PKT_DST_ADDR

Type: LogFormat

The packet-level (original) destination IP address for the traffic.

static PKT_DST_AWS_SERVICE

Type: LogFormat

The name of the subset of IP address ranges for the pkt-dstaddr field, if the destination IP address is for an AWS service.

static PKT_SRC_ADDR

Type: LogFormat

The packet-level (original) source IP address of the traffic.

static PKT_SRC_AWS_SERVICE

Type: LogFormat

The name of the subset of IP address ranges for the pkt-srcaddr field, if the source IP address is for an AWS service.

static PROTOCOL

Type: LogFormat

The IANA protocol number of the traffic.

static REGION

Type: LogFormat

The Region that contains the network interface for which traffic is recorded.

static SRC_ADDR

Type: LogFormat

The source address for incoming traffic, or the IPv4 or IPv6 address of the network interface for outgoing traffic on the network interface.

static SRC_PORT

Type: LogFormat

The source port of the traffic.

static START_TIMESTAMP

Type: LogFormat

The time, in Unix seconds, when the first packet of the flow was received within the aggregation interval.

This might be up to 60 seconds after the packet was transmitted or received on the network interface.

static SUBLOCATION_ID

Type: LogFormat

The ID of the sublocation that contains the network interface for which traffic is recorded.

static SUBLOCATION_TYPE

Type: LogFormat

The type of sublocation that's returned in the sublocation-id field.

static SUBNET_ID

Type: LogFormat

The ID of the subnet that contains the network interface for which the traffic is recorded.

static TCP_FLAGS

Type: LogFormat

The bitmask value for TCP flags.

FIN -- 1
SYN -- 2
RST -- 4
SYN-ACK -- 18

If no supported flags are recorded, the TCP flag value is 0.

TCP flags can be OR-ed during the aggregation interval. For short connections, the flags might be set on the same line in the flow log record, for example, 19 for SYN-ACK and FIN, and 3 for SYN and FIN.

static TRAFFIC_PATH

Type: LogFormat

The path that egress traffic takes to the destination.

static TRAFFIC_TYPE

Type: LogFormat

The type of traffic.

The possible values are IPv4, IPv6, or EFA.

static VERSION

Type: LogFormat

The VPC Flow Logs version.

static VPC_ID

Type: LogFormat

The ID of the VPC that contains the network interface for which the traffic is recorded.

Methods

Name	Description
static custom(formatString)	A custom format string.
static field(field)	A custom field name.

static custom(formatString)

public static custom(formatString: string): LogFormat

Parameters

formatString string

Returns

LogFormat

A custom format string.

Gives full control over the format string fragment.

static field(field)

public static field(field: string): LogFormat

Parameters

field string

Returns

LogFormat

A custom field name.

If there is no ready-made constant for a new field yet, you can use this. The field name will automatically be wrapped in ${ ... }.