aws-cdk-lib.aws_ec2.FlowLog

class FlowLog (construct)

LanguageType name
.NETAmazon.CDK.AWS.EC2.FlowLog
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsec2#FlowLog
Javasoftware.amazon.awscdk.services.ec2.FlowLog
Pythonaws_cdk.aws_ec2.FlowLog
TypeScript (source)aws-cdk-lib » aws_ec2 » FlowLog

Implements IConstruct, IDependable, IResource, IFlowLog

A VPC flow log.

Example

declare const vpc: ec2.Vpc;

const logGroup = new logs.LogGroup(this, 'MyCustomLogGroup');

const role = new iam.Role(this, 'MyCustomRole', {
  assumedBy: new iam.ServicePrincipal('vpc-flow-logs.amazonaws.com')
});

new ec2.FlowLog(this, 'FlowLog', {
  resourceType: ec2.FlowLogResourceType.fromVpc(vpc),
  destination: ec2.FlowLogDestination.toCloudWatchLogs(logGroup, role)
});

Initializer

new FlowLog(scope: Construct, id: string, props: FlowLogProps)

Parameters

  • scope Construct
  • id string
  • props FlowLogProps

Construct Props

NameTypeDescription
resourceTypeFlowLogResourceTypeThe type of resource for which to create the flow log.
destination?FlowLogDestinationSpecifies the type of destination to which the flow log data is to be published.
flowLogName?stringThe name of the FlowLog.
logFormat?LogFormat[]The fields to include in the flow log record, in the order in which they should appear.
maxAggregationInterval?FlowLogMaxAggregationIntervalThe maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.
trafficType?FlowLogTrafficTypeThe type of traffic to log.

resourceType

Type: FlowLogResourceType

The type of resource for which to create the flow log.


destination?

Type: FlowLogDestination (optional, default: FlowLogDestinationType.toCloudWatchLogs())

Specifies the type of destination to which the flow log data is to be published.

Flow log data can be published to CloudWatch Logs or Amazon S3


flowLogName?

Type: string (optional, default: If you don't specify a flowLogName, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.)

The name of the FlowLog.

It is not recommended to use an explicit name.


logFormat?

Type: LogFormat[] (optional, default: default log format is used.)

The fields to include in the flow log record, in the order in which they should appear.

If multiple fields are specified, they will be separated by spaces. For full control over the literal log format string, pass a single field constructed with LogFormat.custom().

See https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records


maxAggregationInterval?

Type: FlowLogMaxAggregationInterval (optional, default: FlowLogMaxAggregationInterval.TEN_MINUTES)

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.


trafficType?

Type: FlowLogTrafficType (optional, default: ALL)

The type of traffic to log.

You can log traffic that the resource accepts or rejects, or all traffic.

Properties

NameTypeDescription
envResourceEnvironmentThe environment this resource belongs to.
flowLogIdstringThe Id of the VPC Flow Log.
nodeNodeThe tree node.
stackStackThe stack in which this resource is defined.
bucket?IBucketThe S3 bucket to publish flow logs to.
iamRole?IRoleThe iam role used to publish logs to CloudWatch.
keyPrefix?stringS3 bucket key prefix to publish the flow logs under.
logGroup?ILogGroupThe CloudWatch Logs LogGroup to publish flow logs to.

env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


flowLogId

Type: string

The Id of the VPC Flow Log.


node

Type: Node

The tree node.


stack

Type: Stack

The stack in which this resource is defined.


bucket?

Type: IBucket (optional)

The S3 bucket to publish flow logs to.


iamRole?

Type: IRole (optional)

The iam role used to publish logs to CloudWatch.


keyPrefix?

Type: string (optional)

S3 bucket key prefix to publish the flow logs under.


logGroup?

Type: ILogGroup (optional)

The CloudWatch Logs LogGroup to publish flow logs to.

Methods

NameDescription
applyRemovalPolicy(policy)Apply the given removal policy to this resource.
toString()Returns a string representation of this construct.
static fromFlowLogId(scope, id, flowLogId)Import a Flow Log by it's Id.

applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


static fromFlowLogId(scope, id, flowLogId)

public static fromFlowLogId(scope: Construct, id: string, flowLogId: string): IFlowLog

Parameters

  • scope Construct
  • id string
  • flowLogId string

Returns

  • IFlowLog

Import a Flow Log by it's Id.