# VPC Flow Logs to S3
## Overview

This Terraform module provisions VPC Flow Logs that capture network traffic metadata for a VPC and deliver it to an Amazon S3 bucket for analysis and long-term storage.
It lets you select which traffic to capture (ACCEPT, REJECT, or ALL) and applies tags for visibility.
## Key Features
- Captures traffic flow metadata for selected VPC
- Delivers logs to an S3 bucket (centralized or environment-specific)
- Supports environment-level tagging for governance
- Assists in forensic analysis, compliance, and network diagnostics
## Use Cases
- Long-term traffic analysis for compliance or auditing
- Monitor rejected connections or unexpected behavior
- Integrate with Athena or external SIEMs for deep analysis
- Baseline activity logging for regulated cloud environments
## Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region where the flow log will be deployed |
| vpc_id | string | ID of the VPC where flow logs will be enabled |
| log_bucket_arn | string | ARN of the S3 bucket to receive flow logs |
| traffic_type | string | Traffic type to log: ACCEPT, REJECT, or ALL |
| environment | string | Environment tag for visibility (e.g., dev, staging, prod) |
## Outputs
| Name | Description |
|---|---|
| flow_log_id | The ID of the created VPC Flow Log |
| log_destination | The ARN of the destination S3 bucket for log data |
## Deployment Readiness

- Compatible with Terraform 1.0+
- Requires AWS Provider 5.x+
- Ensure the target S3 bucket exists before deployment
- IAM role must have permissions to write to the specified S3 bucket
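The following is an added example, not the Archiphire module's source code: a stand-alone `aws_flow_log` resource delivering to an S3 destination, together with the bucket policy that grants the VPC Flow Logs delivery service principal (`delivery.logs.amazonaws.com`) write access to the bucket named in `log_bucket_arn`. Resource and data-source names, and the `traffic_type` validation, are assumptions; the variables mirror the module's inputs above.

```hcl
# Added example, not the Archiphire module's source code: a stand-alone
# aws_flow_log delivering to S3 plus the bucket policy the delivery service
# needs. Resource names are assumptions; variables mirror the module inputs.
variable "vpc_id"         { type = string }
variable "log_bucket_arn" { type = string }
variable "environment"    { type = string }
variable "traffic_type" {
  type    = string
  default = "ALL"
  validation {
    condition     = contains(["ACCEPT", "REJECT", "ALL"], var.traffic_type)
    error_message = "traffic_type must be ACCEPT, REJECT or ALL."
  }
}
# Write access for the delivery principal, scoped to AWSLogs/ and requiring
# bucket-owner-full-control on each delivered object; plus the ACL check it performs.
data "aws_iam_policy_document" "flow_log_delivery" {
  statement {
    sid       = "AWSLogDeliveryWrite"
    actions   = ["s3:PutObject"]
    resources = ["${var.log_bucket_arn}/AWSLogs/*"]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
  statement {
    sid       = "AWSLogDeliveryAclCheck"
    actions   = ["s3:GetBucketAcl"]
    resources = [var.log_bucket_arn]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
  }
}
resource "aws_s3_bucket_policy" "flow_log_delivery" {
  bucket = split(":::", var.log_bucket_arn)[1] # bucket name taken from the ARN
  policy = data.aws_iam_policy_document.flow_log_delivery.json
}
resource "aws_flow_log" "this" {
  vpc_id               = var.vpc_id
  traffic_type         = var.traffic_type
  log_destination_type = "s3"
  log_destination      = var.log_bucket_arn
  tags                 = { Environment = var.environment }
}
```

Logs land under `AWSLogs/<account-id>/vpcflowlogs/<region>/` in the bucket, which is the prefix the policy above scopes `s3:PutObject` to.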
## Example Usage

```hcl
module "flow_logs_s3_deployment" {
  source         = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//logging/flow-logs-s3?ref=v1.0.0"
  region         = "us-east-1"
  vpc_id         = "vpc-0123456789abcdef0"
  log_bucket_arn = "arn:aws:s3:::my-flow-logs-bucket"
  traffic_type   = "ALL"
  environment    = "prod"
}
```

```bash
terraform init
terraform plan
terraform apply
```

or

```bash
tofu init
tofu plan
tofu apply
```
## Cleanup Options

Terraform Destroy:

```bash
terraform destroy
```

or

```bash
tofu destroy
```

Manual Deletion (Recommended for Production):

```bash
aws ec2 delete-flow-logs --flow-log-ids <flow-log-id>
```
## Notes
This is a Level 1 logging module focused on foundational network observability. For deeper insights, consider pairing the S3 data with Athena, CloudWatch, or a Level 2 monitoring pipeline.
## Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.