Merge pull request #5509 from ryandeivert/ryandeivert-add-flow-log-s3…
…-dest

aws_flow_log - adding support for sending to S3
bflad authored Oct 25, 2018
2 parents cf3da6e + f38bf13 commit 18aa08b
Showing 3 changed files with 284 additions and 103 deletions.
53 changes: 45 additions & 8 deletions aws/resource_aws_flow_log.go
@@ -8,6 +8,7 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
)

func resourceAwsFlowLog() *schema.Resource {
@@ -22,14 +23,37 @@ func resourceAwsFlowLog() *schema.Resource {
Schema: map[string]*schema.Schema{
"iam_role_arn": {
Type: schema.TypeString,
Required: true,
Optional: true,
ForceNew: true,
},

"log_group_name": {
"log_destination": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
ConflictsWith: []string{"log_group_name"},
ValidateFunc: validateArn,
},

"log_destination_type": {
Type: schema.TypeString,
Required: true,
Optional: true,
ForceNew: true,
Default: ec2.LogDestinationTypeCloudWatchLogs,
ValidateFunc: validation.StringInSlice([]string{
ec2.LogDestinationTypeCloudWatchLogs,
ec2.LogDestinationTypeS3,
}, false),
},

"log_group_name": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
ConflictsWith: []string{"log_destination"},
Deprecated: "use 'log_destination' argument instead",
},

"vpc_id": {
@@ -89,11 +113,22 @@ func resourceAwsLogFlowCreate(d *schema.ResourceData, meta interface{}) error {
}

opts := &ec2.CreateFlowLogsInput{
DeliverLogsPermissionArn: aws.String(d.Get("iam_role_arn").(string)),
LogGroupName: aws.String(d.Get("log_group_name").(string)),
ResourceIds: []*string{aws.String(resourceId)},
ResourceType: aws.String(resourceType),
TrafficType: aws.String(d.Get("traffic_type").(string)),
LogDestinationType: aws.String(d.Get("log_destination_type").(string)),
ResourceIds: []*string{aws.String(resourceId)},
ResourceType: aws.String(resourceType),
TrafficType: aws.String(d.Get("traffic_type").(string)),
}

if v, ok := d.GetOk("iam_role_arn"); ok && v != "" {
opts.DeliverLogsPermissionArn = aws.String(v.(string))
}

if v, ok := d.GetOk("log_destination"); ok && v != "" {
opts.LogDestination = aws.String(v.(string))
}

if v, ok := d.GetOk("log_group_name"); ok && v != "" {
opts.LogGroupName = aws.String(v.(string))
}

log.Printf(
@@ -134,6 +169,8 @@ func resourceAwsLogFlowRead(d *schema.ResourceData, meta interface{}) error {

fl := resp.FlowLogs[0]
d.Set("traffic_type", fl.TrafficType)
d.Set("log_destination", fl.LogDestination)
d.Set("log_destination_type", fl.LogDestinationType)
d.Set("log_group_name", fl.LogGroupName)
d.Set("iam_role_arn", fl.DeliverLogsPermissionArn)
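Review bot: Nothing in the new schema or in resourceAwsLogFlowCreate ties `iam_role_arn`, `log_destination` and `log_group_name` to `log_destination_type`, now that the role is Optional and neither destination argument is required. A configuration that keeps the default cloud-watch-logs type but omits the role, or names no destination at all, is therefore sent to CreateFlowLogs as is and can only fail at apply time with whatever error the service returns. Flow logs are commonly an audit and detection source, so I would reject such a configuration in create with an explicit message, as sketched below (it uses `fmt.Errorf`, which I assume the file already imports). Relatedly, `validateArn` on `log_destination` only checks for a well-formed ARN, so it appears to accept an ARN that does not match the selected destination type. The create function begins and ends outside this hunk.

```go
// … unchanged: resourceId / resourceType resolution …

destType := d.Get("log_destination_type").(string)
_, hasRole := d.GetOk("iam_role_arn")
_, hasDest := d.GetOk("log_destination")
_, hasGroup := d.GetOk("log_group_name")

switch destType {
case ec2.LogDestinationTypeCloudWatchLogs:
	if !hasRole {
		return fmt.Errorf("iam_role_arn is required when log_destination_type is %q", destType)
	}
	if !hasDest && !hasGroup {
		return fmt.Errorf("one of log_destination or log_group_name is required when log_destination_type is %q", destType)
	}
case ec2.LogDestinationTypeS3:
	if !hasDest {
		return fmt.Errorf("log_destination is required when log_destination_type is %q", destType)
	}
}

opts := &ec2.CreateFlowLogsInput{
// … unchanged: field assignments and the three GetOk blocks …
```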
