# VPC Flow Logs to CloudWatch

## Overview
This Terraform module provisions VPC Flow Logs that capture and send network traffic metadata to an Amazon CloudWatch Log Group for real-time observability and security analysis.
## Key Features
- Logs accepted, rejected, or all traffic from a specified VPC
- Sends logs to CloudWatch Logs for immediate visibility
- Supports tagging for environment-level traceability
- Attaches an IAM role that grants the logging permissions
## Use Cases
- Real-time network monitoring for production environments
- Security auditing and compliance reviews
- Forensic analysis of network activity post-incident
- Integration with CloudWatch Insights or external SIEM platforms
## Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region for the deployment |
| vpc_id | string | VPC ID to enable flow logs on |
| log_group_name | string | Name of the CloudWatch Log Group for log delivery |
| iam_role_arn | string | ARN of the IAM role with CloudWatch logging permissions |
| traffic_type | string | Type of traffic to log: ACCEPT, REJECT, or ALL |
| environment | string | Environment tag (e.g., dev, staging, prod) for visibility and filtering |
## Outputs
| Name | Description |
|---|---|
| flow_log_id | The ID of the created VPC Flow Log |
| log_group_name | The CloudWatch Log Group receiving the logs |
## Deployment Readiness
- Compatible with Terraform 1.0+
- Requires AWS Provider 5.x+
- IAM role must include `logs:PutLogEvents` and `logs:CreateLogStream`
- Log group must exist or be created via Terraform if permitted
## Example Usage
```hcl
module "flow_logs_vpc_deployment" {
  source         = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//logging/flow-logs-vpc?ref=v1.0.0"
  region         = "us-east-1"
  vpc_id         = "vpc-0123456789abcdef0"
  log_group_name = "/aws/vpc/flowlogs"
  iam_role_arn   = "arn:aws:iam::123456789012:role/FlowLogsRole"
  traffic_type   = "ALL"
  environment    = "prod"
}
```
```sh
terraform init
terraform plan
terraform apply
```
or
```sh
tofu init
tofu plan
tofu apply
```
## Cleanup Options
Terraform Destroy:
```sh
terraform destroy
```
or
```sh
tofu destroy
```
Manual Deletion (Recommended for Production):
```sh
aws ec2 delete-flow-logs --flow-log-ids <flow-log-id>
```
## Notes
This is a Level 1 logging module intended for VPC traffic visibility via CloudWatch. To store logs long-term or offload for compliance, consider using the flow-logs-s3 variant.
## Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.