https://github.com/binbashar/terraform-aws-vpc-flowlogs

Terraform module which creates VPC flow logs to S3 on AWS https://registry.terraform.io/modules/binbashar/vpc-flowlogs

# Terraform Module: VPC Flow Logs

A Terraform module for enabling VPC Flow Logs to an S3 bucket.

## Releases
- **Versions:** `<= 0.x.y` (Terraform 0.11.x compatible)
  - e.g. https://registry.terraform.io/modules/binbashar/vpc-flow-logs/aws/0.0.1
- **Versions:** `>= 1.x.y` (Terraform 0.12.x compatible)
  - e.g. https://registry.terraform.io/modules/binbashar/vpc-flow-logs/aws/1.0.0
- **TODO:** Support AWS Org centralized flow logs: https://aws.amazon.com/blogs/security/how-to-facilitate-data-analysis-and-fulfill-security-requirements-by-using-centralized-flow-log-data/

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.12.28 |
| [aws](#requirement\_aws) | >= 4.9 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 4.9 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_flow_log.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource |
| [aws_s3_bucket.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
| [aws_s3_bucket_public_access_block.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
| [aws_iam_policy_document.allow_vpc_flowlogs_delivery_service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.ssl_enforce](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [bucket\_name\_prefix](#input\_bucket\_name\_prefix) | S3 Bucket Name Prefix | `string` | `"S3 Bucket for Terraform Remote State Storage"` | no |
| [custom\_policy](#input\_custom\_policy) | Custom policy | `string` | `null` | no |
| [enable\_default\_policy](#input\_enable\_default\_policy) | Enable default policy | `bool` | `true` | no |
| [enable\_versioning](#input\_enable\_versioning) | Enable bucket versioning | `bool` | `false` | no |
| [enable\_vpc\_delivery\_service](#input\_enable\_vpc\_delivery\_service) | Enable VPC delivery service policy | `bool` | `true` | no |
| [enforce\_ssl](#input\_enforce\_ssl) | Enforce bucket SSL encryption | `bool` | `true` | no |
| [force\_destroy](#input\_force\_destroy) | Whether to forcefully destroy the bucket or not | `bool` | `false` | no |
| [log\_format](#input\_log\_format) | VPC Flow Logs Format | `string` | `null` | no |
| [tags](#input\_tags) | Tags To Apply To Created Resources | `any` | `{}` | no |
| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | `""` | no |

## Outputs

| Name | Description |
|------|-------------|
| [bucket\_arn](#output\_bucket\_arn) | S3 Bucket ARN |
| [bucket\_name](#output\_bucket\_name) | S3 Bucket name |
| [flow\_log\_id](#output\_flow\_log\_id) | Flow Log ID |

## Examples
### VPC Flow Logs
```terraform
#
# VPC Flow Logs
#
module "vpc_flow_logs" {
  source = "git::git@github.com:binbashar/terraform-aws-vpc-flowlogs.git?ref=v0.0.2"

  vpc_id             = "your-vpc-id"
  bucket_name_prefix = "your-s3-bucket-name-prefix"
  bucket_region      = "your-s3-bucket-region" # not listed in the Inputs table above
  tags               = "your-tags"
}
```
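
A check to run against the policy that ends up on the log bucket, for instance after supplying `custom_policy` or changing `enforce_ssl` / `enable_vpc_delivery_service`. This is an added example, not code from the module. It assumes the AWS-documented policy shape (a Deny on `aws:SecureTransport = false` and an Allow for `delivery.logs.amazonaws.com`), and the sample policy, bucket name and function names are constructed.

```python
import json

# Constructed sample policy in the AWS-documented shape for flow-log delivery
# plus a TLS-only deny. The bucket name is a placeholder, not a module output.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AWSLogDeliveryWrite", "Effect": "Allow",
     "Principal": {"Service": "delivery.logs.amazonaws.com"},
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-flowlogs-bucket/AWSLogs/*",
     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    {"Sid": "EnforceTLS", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-flowlogs-bucket",
                  "arn:aws:s3:::example-flowlogs-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]})

def _as_list(value):
    # IAM policy JSON allows a scalar wherever a list is accepted.
    return value if isinstance(value, list) else [value]

def _statements(policy_json):
    return _as_list(json.loads(policy_json).get("Statement", []))

def denies_plain_http(policy_json):
    """True if a statement denies s3:* to every principal when TLS is not used."""
    for st in _statements(policy_json):
        cond = st.get("Condition", {}).get("Bool", {})
        flags = [str(v).lower() for v in _as_list(cond.get("aws:SecureTransport", []))]
        everyone = st.get("Principal") in ("*", {"AWS": "*"})
        all_s3 = "s3:*" in [a.lower() for a in _as_list(st.get("Action", []))]
        if st.get("Effect") == "Deny" and everyone and all_s3 and "false" in flags:
            return True
    return False

def allows_flowlog_delivery(policy_json):
    """True if the log delivery service principal is allowed to write objects."""
    for st in _statements(policy_json):
        principal = st.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if (st.get("Effect") == "Allow" and "delivery.logs.amazonaws.com" in services
                and ("s3:putobject" in actions or "s3:*" in actions)):
            return True
    return False

def audit(policy_json):
    """Summarise both checks for one bucket policy document (a JSON string)."""
    return {"tls_only": denies_plain_http(policy_json),
            "delivery_allowed": allows_flowlog_delivery(policy_json)}
```

`audit()` takes the policy as a JSON string, such as the `Policy` field returned by `aws s3api get-bucket-policy`. A `tls_only` result of `False` means no statement of the assumed shape was found, which is the case to review by hand.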

---

## Binbash Leverage | DevOps Automation Code Library Integration

In order to get the full automated potential of the
[Binbash Leverage DevOps Automation Code Library](https://leverage.binbash.com.ar/how-it-works/code-library/code-library/)
you should initialize all the necessary helper **Makefiles**.

### How?
You must execute the `make init-makefiles` command at the root context.

```shell
╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17
╰─⠠⠵ make
Available Commands:
- init-makefiles initialize makefiles

```

### Why?
You'll get all the necessary commands to automatically operate this module via a dockerized approach,
as in the example shown below:

```shell
╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17
╰─⠠⠵ make
Available Commands:
- circleci-validate-config ## Validate A CircleCI Config (https
- format-check ## The terraform fmt is used to rewrite tf conf files to a canonical format and style.
- format ## The terraform fmt is used to rewrite tf conf files to a canonical format and style.
- tf-dir-chmod ## run chown in ./.terraform to gran that the docker mounted dir has the right permissions
- version ## Show terraform version
- init-makefiles ## initialize makefiles
```

```shell
╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17
╰─⠠⠵ make format-check
docker run --rm -v /home/delivery/Binbash/repos/Leverage/terraform/terraform-aws-backup-by-tags:"/go/src/project/":rw -v :/config -v /common.config:/common-config/common.config -v ~/.ssh:/root/.ssh -v ~/.gitconfig:/etc/gitconfig -v ~/.aws/bb:/root/.aws/bb -e AWS_SHARED_CREDENTIALS_FILE=/root/.aws/bb/credentials -e AWS_CONFIG_FILE=/root/.aws/bb/config --entrypoint=/bin/terraform -w "/go/src/project/" -it binbash/terraform-awscli-slim:0.12.28 fmt -check
```

## Release Management

### CircleCI PR auto-release job

- [**pipeline-job**](https://circleci.com/gh/binbashar/terraform-aws-vpc-flowlogs) (**NOTE:** Will only run after merged PR)
- [**releases**](https://github.com/binbashar/terraform-aws-vpc-flowlogs/releases)
- [**changelog**](https://github.com/binbashar/terraform-aws-vpc-flowlogs/blob/master/CHANGELOG.md)