software.amazon.awscdk.services.ec2

Class CfnFlowLog

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.ec2.CfnFlowLog

All Implemented Interfaces:

IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:38.168Z")
 @Stability(value=Stable)
public class CfnFlowLog
extends CfnResource
implements IInspectable

A CloudFormation `AWS::EC2::FlowLog`.

Specifies a VPC flow log that captures IP traffic for a specified network interface, subnet, or VPC. To view the log data, use Amazon CloudWatch Logs (CloudWatch Logs) to help troubleshoot connection issues. For example, you can use a flow log to investigate why certain traffic isn't reaching an instance, which can help you diagnose overly restrictive security group rules. For more information, see VPC Flow Logs in the Amazon VPC User Guide .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.ec2.*;
 Object destinationOptions;
 CfnFlowLog cfnFlowLog = CfnFlowLog.Builder.create(this, "MyCfnFlowLog")
         .resourceId("resourceId")
         .resourceType("resourceType")
         .trafficType("trafficType")
         // the properties below are optional
         .deliverLogsPermissionArn("deliverLogsPermissionArn")
         .destinationOptions(destinationOptions)
         .logDestination("logDestination")
         .logDestinationType("logDestinationType")
         .logFormat("logFormat")
         .logGroupName("logGroupName")
         .maxAggregationInterval(123)
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnFlowLog.Builder A fluent builder for CfnFlowLog.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnFlowLog(software.constructs.Construct scope, String id, CfnFlowLogProps props) Create a new `AWS::EC2::FlowLog`.
protected	CfnFlowLog(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnFlowLog(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
String	getAttrId() The ID of the flow log.
protected Map<String,Object>	getCfnProperties()
String	getDeliverLogsPermissionArn() The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.
Object	getDestinationOptions() The destination options.
String	getLogDestination() The destination to which the flow log data is to be published.
String	getLogDestinationType() The type of destination to which the flow log data is to be published.
String	getLogFormat() The fields to include in the flow log record, in the order in which they should appear.
String	getLogGroupName() The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.
Number	getMaxAggregationInterval() The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.
String	getResourceId() The ID of the subnet, network interface, or VPC for which you want to create a flow log.
String	getResourceType() The type of resource for which to create the flow log.
TagManager	getTags() The tags to apply to the flow logs.
String	getTrafficType() The type of traffic to log.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setDeliverLogsPermissionArn(String value) The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.
void	setDestinationOptions(Object value) The destination options.
void	setLogDestination(String value) The destination to which the flow log data is to be published.
void	setLogDestinationType(String value) The type of destination to which the flow log data is to be published.
void	setLogFormat(String value) The fields to include in the flow log record, in the order in which they should appear.
void	setLogGroupName(String value) The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.
void	setMaxAggregationInterval(Number value) The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.
void	setResourceId(String value) The ID of the subnet, network interface, or VPC for which you want to create a flow log.
void	setResourceType(String value) The type of resource for which to create the flow log.
void	setTrafficType(String value) The type of traffic to log.

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Detail

CFN_RESOURCE_TYPE_NAME

@Stability(value=Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnFlowLog

protected CfnFlowLog(software.amazon.jsii.JsiiObjectRef objRef)

CfnFlowLog

protected CfnFlowLog(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnFlowLog

@Stability(value=Stable)
public CfnFlowLog(@NotNull
                                           software.constructs.Construct scope,
                                           @NotNull
                                           String id,
                                           @NotNull
                                           CfnFlowLogProps props)

Create a new `AWS::EC2::FlowLog`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

@Stability(value=Stable)
public void inspect(@NotNull
                                             TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> renderProperties(@NotNull
                                                                                 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrId

@Stability(value=Stable)
 @NotNull
public String getAttrId()

The ID of the flow log.

For example, fl-123456abc123abc1 .

getCfnProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getTags

@Stability(value=Stable)
 @NotNull
public TagManager getTags()

The tags to apply to the flow logs.

getDestinationOptions

@Stability(value=Stable)
 @NotNull
public Object getDestinationOptions()

The destination options. The following options are supported:.

• FileFormat - The format for the flow log ( plain-text | parquet ). The default is plain-text .
• HiveCompatiblePartitions - Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 ( true | false ). The default is false .
• PerHourPartition - Indicates whether to partition the flow log per hour ( true | false ). The default is false .

setDestinationOptions

@Stability(value=Stable)
public void setDestinationOptions(@NotNull
                                                           Object value)

The destination options. The following options are supported:.

• FileFormat - The format for the flow log ( plain-text | parquet ). The default is plain-text .
• HiveCompatiblePartitions - Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 ( true | false ). The default is false .
• PerHourPartition - Indicates whether to partition the flow log per hour ( true | false ). The default is false .

getResourceId

@Stability(value=Stable)
 @NotNull
public String getResourceId()

The ID of the subnet, network interface, or VPC for which you want to create a flow log.

setResourceId

@Stability(value=Stable)
public void setResourceId(@NotNull
                                                   String value)

The ID of the subnet, network interface, or VPC for which you want to create a flow log.

getResourceType

@Stability(value=Stable)
 @NotNull
public String getResourceType()

The type of resource for which to create the flow log.

For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.

setResourceType

@Stability(value=Stable)
public void setResourceType(@NotNull
                                                     String value)

The type of resource for which to create the flow log.

For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.

getTrafficType

@Stability(value=Stable)
 @NotNull
public String getTrafficType()

The type of traffic to log.

You can log traffic that the resource accepts or rejects, or all traffic.

setTrafficType

@Stability(value=Stable)
public void setTrafficType(@NotNull
                                                    String value)

The type of traffic to log.

You can log traffic that the resource accepts or rejects, or all traffic.

getDeliverLogsPermissionArn

@Stability(value=Stable)
 @Nullable
public String getDeliverLogsPermissionArn()

The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

setDeliverLogsPermissionArn

@Stability(value=Stable)
public void setDeliverLogsPermissionArn(@Nullable
                                                                 String value)

The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

getLogDestination

@Stability(value=Stable)
 @Nullable
public String getLogDestination()

The destination to which the flow log data is to be published.

Flow log data can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The value specified for this parameter depends on the value specified for LogDestinationType .

If LogDestinationType is not specified or cloud-watch-logs , specify the Amazon Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish to a log group called my-logs , specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs . Alternatively, use LogGroupName instead.

If LogDestinationType is s3 , specify the ARN of the Amazon S3 bucket. You can also specify a subfolder in the bucket. To specify a subfolder in the bucket, use the following ARN format: bucket_ARN/subfolder_name/ . For example, to specify a subfolder named my-logs in a bucket named my-bucket , use the following ARN: arn:aws:s3:::my-bucket/my-logs/ . You cannot use AWSLogs as a subfolder name. This is a reserved term.

setLogDestination

@Stability(value=Stable)
public void setLogDestination(@Nullable
                                                       String value)

The destination to which the flow log data is to be published.

Flow log data can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The value specified for this parameter depends on the value specified for LogDestinationType .

If LogDestinationType is not specified or cloud-watch-logs , specify the Amazon Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish to a log group called my-logs , specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs . Alternatively, use LogGroupName instead.

If LogDestinationType is s3 , specify the ARN of the Amazon S3 bucket. You can also specify a subfolder in the bucket. To specify a subfolder in the bucket, use the following ARN format: bucket_ARN/subfolder_name/ . For example, to specify a subfolder named my-logs in a bucket named my-bucket , use the following ARN: arn:aws:s3:::my-bucket/my-logs/ . You cannot use AWSLogs as a subfolder name. This is a reserved term.

getLogDestinationType

@Stability(value=Stable)
 @Nullable
public String getLogDestinationType()

The type of destination to which the flow log data is to be published.

Flow log data can be published to CloudWatch Logs or Amazon S3. To publish flow log data to CloudWatch Logs, specify cloud-watch-logs . To publish flow log data to Amazon S3, specify s3 .

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

Default: cloud-watch-logs

setLogDestinationType

@Stability(value=Stable)
public void setLogDestinationType(@Nullable
                                                           String value)

The type of destination to which the flow log data is to be published.

Flow log data can be published to CloudWatch Logs or Amazon S3. To publish flow log data to CloudWatch Logs, specify cloud-watch-logs . To publish flow log data to Amazon S3, specify s3 .

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

Default: cloud-watch-logs

getLogFormat

@Stability(value=Stable)
 @Nullable
public String getLogFormat()

The fields to include in the flow log record, in the order in which they should appear.

For a list of available fields, see Flow Log Records . If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must specify at least one field.

Specify the fields using the ${field-id} format, separated by spaces.

setLogFormat

@Stability(value=Stable)
public void setLogFormat(@Nullable
                                                  String value)

The fields to include in the flow log record, in the order in which they should appear.

For a list of available fields, see Flow Log Records . If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must specify at least one field.

Specify the fields using the ${field-id} format, separated by spaces.

getLogGroupName

@Stability(value=Stable)
 @Nullable
public String getLogGroupName()

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

setLogGroupName

@Stability(value=Stable)
public void setLogGroupName(@Nullable
                                                     String value)

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

getMaxAggregationInterval

@Stability(value=Stable)
 @Nullable
public Number getMaxAggregationInterval()

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.

You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).

When a network interface is attached to a Nitro-based instance , the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

Default: 600

setMaxAggregationInterval

@Stability(value=Stable)
public void setMaxAggregationInterval(@Nullable
                                                               Number value)

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.

You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).

When a network interface is attached to a Nitro-based instance , the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

Default: 600