From ae9603fd865b48ca0df66de45eaabf3dec0b458a Mon Sep 17 00:00:00 2001
From: air3ijai <88528265+air3ijai@users.noreply.github.com>
Date: Sat, 15 Oct 2022 10:11:10 +0300
Subject: [PATCH 1/4] Add CloudWatch Log group suffix for VPC Flow logs (#836)
---
variables.tf | 6 ++++++
vpc-flow-logs.tf | 7 ++++---
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/variables.tf b/variables.tf
index 15f209c52..60b97d798 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1125,6 +1125,12 @@ variable "flow_log_cloudwatch_log_group_name_prefix" {
default = "/aws/vpc-flow-log/"
}
+variable "flow_log_cloudwatch_log_group_name_suffix" {
+ description = "Specifies the name suffix of CloudWatch Log Group for VPC flow logs."
+ type = string
+ default = null
+}
+
variable "flow_log_cloudwatch_log_group_retention_in_days" {
description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs."
type = number
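Review bot: The description of the new `flow_log_cloudwatch_log_group_name_suffix` variable does not say what happens when it is left unset, yet the locals in vpc-flow-logs.tf substitute the VPC ID for an empty value, so a reader of `terraform-docs` output cannot tell that the old naming is preserved by default. It also should mention that prefix plus suffix has to form a name that is unique within the account and region, because the log group name is no longer guaranteed unique by the VPC ID once a caller supplies a suffix. Suggested wording: `description = "Specifies the name suffix of CloudWatch Log Group for VPC flow logs. When empty, the VPC ID is used; together with the prefix it must form a log group name that is unique in the account and region."`.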
diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf
index 830c73c86..ac9f25758 100644
--- a/vpc-flow-logs.tf
+++ b/vpc-flow-logs.tf
@@ -5,8 +5,9 @@ locals {
create_flow_log_cloudwatch_iam_role = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_iam_role
create_flow_log_cloudwatch_log_group = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_log_group
- flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? try(aws_cloudwatch_log_group.flow_log[0].arn, null) : var.flow_log_destination_arn
- flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? try(aws_iam_role.vpc_flow_log_cloudwatch[0].arn, null) : var.flow_log_cloudwatch_iam_role_arn
+ flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? try(aws_cloudwatch_log_group.flow_log[0].arn, null) : var.flow_log_destination_arn
+ flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? try(aws_iam_role.vpc_flow_log_cloudwatch[0].arn, null) : var.flow_log_cloudwatch_iam_role_arn
+ flow_log_cloudwatch_log_group_name_suffix = var.flow_log_cloudwatch_log_group_name_suffix == "" ? local.vpc_id : var.flow_log_cloudwatch_log_group_name_suffix
}
################################################################################
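Review bot: The new local on the `flow_log_cloudwatch_log_group_name_suffix` line only falls back to `local.vpc_id` when the variable is exactly `""`; a caller who passes an explicit `null` (which a variable without `nullable = false` accepts regardless of its default) leaves the local `null`, and the `${...}` interpolation in the `aws_cloudwatch_log_group.flow_log` name then errors at plan time. Since Terraform's `coalesce` skips both `null` and empty strings, the fallback can cover both cases in one expression: `flow_log_cloudwatch_log_group_name_suffix = coalesce(var.flow_log_cloudwatch_log_group_name_suffix, local.vpc_id)`; note that `coalesce` itself errors if every argument is empty, so this relies on `local.vpc_id` being non-empty whenever the log group is created, which appears to hold but is defined outside this hunk. The same gap applies to the variables.tf hunk of patch 2/4 (`default = ""`), where adding `nullable = false` to the variable would be the alternative fix if the module's required Terraform version allows it.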
@@ -44,7 +45,7 @@ resource "aws_flow_log" "this" {
resource "aws_cloudwatch_log_group" "flow_log" {
count = local.create_flow_log_cloudwatch_log_group ? 1 : 0
- name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.vpc_id}"
+ name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.flow_log_cloudwatch_log_group_name_suffix}"
retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days
kms_key_id = var.flow_log_cloudwatch_log_group_kms_key_id
From f717cb63aef724785b2630a69cbb8dd62a76daa9 Mon Sep 17 00:00:00 2001
From: air3ijai <88528265+air3ijai@users.noreply.github.com>
Date: Sat, 15 Oct 2022 10:44:33 +0300
Subject: [PATCH 2/4] Fix flow_log_cloudwatch_log_group_name_suffix default
value (#836)
---
variables.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index 60b97d798..dcf2524a6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1128,7 +1128,7 @@ variable "flow_log_cloudwatch_log_group_name_prefix" {
variable "flow_log_cloudwatch_log_group_name_suffix" {
description = "Specifies the name suffix of CloudWatch Log Group for VPC flow logs."
type = string
- default = null
+ default = ""
}
variable "flow_log_cloudwatch_log_group_retention_in_days" {
From e7de7fa01632943e7d2eb10d9fb6beb5dc38b67c Mon Sep 17 00:00:00 2001
From: air3ijai <88528265+air3ijai@users.noreply.github.com>
Date: Fri, 21 Oct 2022 12:27:31 +0300
Subject: [PATCH 3/4] Update docs (#836)
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 77406accd..51888e5d7 100644
--- a/README.md
+++ b/README.md
@@ -433,6 +433,7 @@ No modules.
| [flow\_log\_cloudwatch\_iam\_role\_arn](#input\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow\_log\_destination\_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided. | `string` | `""` | no |
| [flow\_log\_cloudwatch\_log\_group\_kms\_key\_id](#input\_flow\_log\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data for VPC flow logs. | `string` | `null` | no |
| [flow\_log\_cloudwatch\_log\_group\_name\_prefix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_prefix) | Specifies the name prefix of CloudWatch Log Group for VPC flow logs. | `string` | `"/aws/vpc-flow-log/"` | no |
+| [flow\_log\_cloudwatch\_log\_group\_name\_suffix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_suffix) | Specifies the name suffix of CloudWatch Log Group for VPC flow logs. | `string` | `""` | no |
| [flow\_log\_cloudwatch\_log\_group\_retention\_in\_days](#input\_flow\_log\_cloudwatch\_log\_group\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs. | `number` | `null` | no |
| [flow\_log\_destination\_arn](#input\_flow\_log\_destination\_arn) | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided. | `string` | `""` | no |
| [flow\_log\_destination\_type](#input\_flow\_log\_destination\_type) | Type of flow log destination. Can be s3 or cloud-watch-logs. | `string` | `"cloud-watch-logs"` | no |
From a859a7953f0693602b241ee20a48982d7f7a2831 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Fri, 21 Oct 2022 13:19:08 +0200
Subject: [PATCH 4/4] Fixed example
---
examples/vpc-flow-logs/main.tf | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/examples/vpc-flow-logs/main.tf b/examples/vpc-flow-logs/main.tf
index 9a524e6d1..d22b4eed7 100644
--- a/examples/vpc-flow-logs/main.tf
+++ b/examples/vpc-flow-logs/main.tf
@@ -67,7 +67,10 @@ module "vpc_with_flow_logs_cloudwatch_logs_default" {
enable_flow_log = true
create_flow_log_cloudwatch_log_group = true
create_flow_log_cloudwatch_iam_role = true
- flow_log_max_aggregation_interval = 60
+
+ flow_log_max_aggregation_interval = 60
+ flow_log_cloudwatch_log_group_name_prefix = "/aws/my-amazing-vpc-flow-logz/"
+ flow_log_cloudwatch_log_group_name_suffix = "my-test"
vpc_flow_log_tags = local.tags
}