Terraform-provider-aws: Add support for custom Flow Logs format

Created on 12 Sep 2019  ·  4 Comments  ·  Source: hashicorp/terraform-provider-aws


Description


AWS has announced support for a custom VPC Flow Logs format, which now allows the inclusion of additional metadata fields like vpc-id, subnet-id, instance-id, tcp-flags, type, pkt-srcaddr, pkt-dstaddr in Amazon Virtual Private Cloud (Amazon VPC) flow logs to better understand network flows.

Usage of additional metadata fields like vpc-id, subnet-id and the Transmission Control Protocol (TCP) bitmask reduces the number of computations and look-ups required to extract meaningful information from the log data. For example, you can use the TCP bitmask to identify the resource initiating a TCP connection. Similarly, you can use the packet source and destination IP fields to identify the source resource and the intended target of a connection passing through a network interface attached to a NAT Gateway or an AWS Transit Gateway.

New or Affected Resource(s)

  • aws_flow_log

Potential Terraform Configuration

resource "aws_flow_log" "example" {
  log_destination      = "${aws_s3_bucket.example.arn}"
  log_destination_type = "s3"
  traffic_type         = "ALL"
  vpc_id               = "${aws_vpc.example.id}"
  log_format           = "$${version} $${vpc-id} $${subnet-id} $${instance-id} $${interface-id} $${account-id} $${type} $${srcaddr} $${dstaddr} $${srcport} $${dstport} $${pkt-srcaddr} $${pkt-dstaddr} $${protocol} $${bytes} $${packets} $${start} $${end} $${action} $${tcp-flags} $${log-status}"
}

Note: the use of ${} in flow log configuration format conflicts with Terraform variable interpolation syntax, so there may be a need to use different symbols to denote log metadata attributes and escape them like I did in the above example.
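The two points the description makes (tcp-flags tells you which side opened a TCP connection; pkt-srcaddr/pkt-dstaddr reveal the real endpoints behind a NAT Gateway or Transit Gateway interface) are easiest to see on actual records. The following is an added example written for this page, not code from the provider or from the issue author. It assumes the parser is handed the same log_format string that was passed to aws_flow_log (with Terraform's `$$` escaping undone, since AWS stores plain `${field}` placeholders), and the four sample records are constructed, not captured from any account.

```python
"""Parse VPC Flow Log records written with a custom log_format.

Added example for this issue; it is not part of the provider or the original post.
Assumption (mine, not from the issue): the log_format given to aws_flow_log is known
to the parser, and the sample records below are constructed rather than captured.
"""
import re
from typing import Dict, List, Optional

# The log_format from the Terraform example above, with the "$$" escaping that
# Terraform needs removed: AWS itself stores and emits plain "${field}" placeholders.
LOG_FORMAT = (
    "${version} ${vpc-id} ${subnet-id} ${instance-id} ${interface-id} ${account-id} "
    "${type} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${pkt-srcaddr} ${pkt-dstaddr} "
    "${protocol} ${bytes} ${packets} ${start} ${end} ${action} ${tcp-flags} ${log-status}"
)

# Standard TCP header flag bits; tcp-flags is an OR of the bits seen in the window.
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 1, 2, 4, 8, 16, 32


def field_names(log_format: str) -> List[str]:
    """Extract the field names from a log_format string, in column order."""
    names = re.findall(r"\$\{([a-z0-9-]+)\}", log_format)
    if not names:
        raise ValueError("log_format contains no ${field} placeholders")
    return names


def parse_record(line: str, names: List[str]) -> Dict[str, str]:
    """Split one space-separated record into a dict keyed by field name.

    A record whose column count does not match the format is rejected rather than
    silently misaligned, which is what happens when the wrong format is assumed.
    """
    values = line.split()
    if len(values) != len(names):
        raise ValueError(f"expected {len(names)} columns, got {len(values)}: {line!r}")
    return dict(zip(names, values))


def connection_role(rec: Dict[str, str]) -> Optional[str]:
    """Use tcp-flags to say whether srcaddr initiated or answered the TCP connection.

    SYN without ACK is the first packet of a handshake, so srcaddr is the initiator;
    SYN+ACK (18) is the reply, so srcaddr is the responder. Returns None when the
    record is not TCP, carries no data, or no handshake packet fell in the window.
    """
    if rec.get("log-status") != "OK" or rec.get("protocol") != "6":
        return None
    if rec.get("tcp-flags", "-") == "-":
        return None
    flags = int(rec["tcp-flags"])
    if flags & TCP_SYN:
        return "responder" if flags & TCP_ACK else "initiator"
    return None


def real_endpoints(rec: Dict[str, str]) -> Dict[str, object]:
    """Recover the original source and intended destination of a flow.

    On a NAT Gateway or Transit Gateway ENI, srcaddr/dstaddr are the addresses on
    the wire at that interface, while pkt-srcaddr/pkt-dstaddr carry the endpoints
    the packet is really travelling between. When the pairs differ, the interface
    is an intermediate hop rather than an endpoint of the connection.
    """
    src, dst = rec["srcaddr"], rec["dstaddr"]
    pkt_src, pkt_dst = rec.get("pkt-srcaddr", "-"), rec.get("pkt-dstaddr", "-")
    real_src = src if pkt_src == "-" else pkt_src
    real_dst = dst if pkt_dst == "-" else pkt_dst
    return {"src": real_src, "dst": real_dst, "intermediate": (real_src, real_dst) != (src, dst)}


def summarize(lines: List[str], log_format: str = LOG_FORMAT) -> List[Dict[str, object]]:
    """Parse records and annotate each with who initiated it and its true endpoints."""
    names = field_names(log_format)
    out = []
    for line in lines:
        rec = parse_record(line, names)
        ep = real_endpoints(rec)
        out.append({
            "interface": rec["interface-id"],
            "initiator": connection_role(rec),
            "src": ep["src"],
            "dst": ep["dst"],
            "dst_port": rec["dstport"],
            "action": rec["action"],
            "intermediate": ep["intermediate"],
        })
    return out


# Constructed sample records (not from any real account), in LOG_FORMAT column order.
SAMPLE_RECORDS = [
    # 1: SYN from the Internet to port 22 on an instance, rejected by its security group.
    "3 vpc-0a1b2c3d subnet-0a1b2c3d i-0123456789abcdef0 eni-0123456789abcdef0 123456789012 "
    "IPv4 203.0.113.5 10.0.1.10 50123 22 203.0.113.5 10.0.1.10 6 44 1 1568275200 1568275260 REJECT 2 OK",
    # 2: the instance opens an HTTPS connection outbound, seen on its own ENI.
    "3 vpc-0a1b2c3d subnet-0a1b2c3d i-0123456789abcdef0 eni-0123456789abcdef0 123456789012 "
    "IPv4 10.0.1.10 198.51.100.7 41234 443 10.0.1.10 198.51.100.7 6 1200 9 1568275200 1568275260 ACCEPT 2 OK",
    # 3: the same connection on the NAT Gateway's ENI: dstaddr is the gateway's private
    #    IP (10.0.2.100, assumed), but pkt-dstaddr still names the Internet host.
    "3 vpc-0a1b2c3d subnet-0ddeeff0 - eni-0fedcba9876543210 123456789012 "
    "IPv4 10.0.1.10 10.0.2.100 41234 443 10.0.1.10 198.51.100.7 6 1200 9 1568275200 1568275260 ACCEPT 2 OK",
    # 4: the SYN-ACK reply on the instance ENI.
    "3 vpc-0a1b2c3d subnet-0a1b2c3d i-0123456789abcdef0 eni-0123456789abcdef0 123456789012 "
    "IPv4 198.51.100.7 10.0.1.10 443 41234 198.51.100.7 10.0.1.10 6 1800 8 1568275200 1568275260 ACCEPT 18 OK",
]

if __name__ == "__main__":
    for row in summarize(SAMPLE_RECORDS):
        print(row)
```

Two practical notes. First, the parser derives column order from the format string rather than hard-coding it, because the whole point of a custom log_format is that the column order is whatever you configured; a consumer that assumes the default format will silently misattribute fields. Second, the NAT Gateway record (sample 3) shows why pkt-dstaddr matters for investigations: without it the gateway's own log only says "instance talked to the NAT Gateway", and the real Internet destination would have to be joined in from the instance ENI's records.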

Labels: enhancement, service/ec2

All 4 comments

Support for the new log_format argument in the aws_flow_log resource has been merged and will release with version 2.34.0 of the Terraform AWS Provider, tomorrow. Thanks to @nebi-frame for the implementation. 👍

This has been released in version 2.34.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

Could you also update the doc with an example of the format required here?

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
