aws.transit-attachment
Filters
Actions
set-flow-log
Set flow logs for a network resource
Example:

    policies:
      - name: vpc-enable-flow-logs
        resource: vpc
        filters:
          - type: flow-logs
            enabled: false
        actions:
          - type: set-flow-log
            attrs:
              DeliverLogsPermissionArn: arn:iam:role
              LogGroupName: /custodian/vpc/flowlogs/

The attrs are passed through to create_flow_log and follow the API documentation.

    properties:
      DeliverLogsPermissionArn:
        type: string
      LogDestination:
        type: string
      LogDestinationType:
        enum:
        - s3
        - cloud-watch-logs
      LogFormat:
        type: string
      LogGroupName:
        type: string
      MaxAggregationInterval:
        type: integer
      TrafficType:
        enum:
        - ACCEPT
        - REJECT
        - ALL
        type: string
      attrs:
        type: object
      state:
        type: boolean
      type:
        enum:
        - set-flow-log
    required:
    - type

Permissions - ec2:CreateFlowLogs, logs:CreateLogGroup
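
Because attrs is a free-form object that is only checked when the API call is made, a malformed block leaves the resource without flow logs until someone notices the failure. The following pre-deployment lint is an added example, not Cloud Custodian's own code: the name lint_set_flow_log is hypothetical, the types and enums come from the schema above, and the cross-field rules are assumptions taken from the EC2 CreateFlowLogs API documentation. It checks attrs only.

```python
# TYPES and ENUMS mirror the schema on this page; the cross-field rules are
# assumptions taken from the EC2 CreateFlowLogs API documentation.
TYPES = {
    "DeliverLogsPermissionArn": str, "LogDestination": str, "LogFormat": str,
    "LogGroupName": str, "MaxAggregationInterval": int, "TrafficType": str,
}
ENUMS = {
    "LogDestinationType": ("s3", "cloud-watch-logs"),
    "TrafficType": ("ACCEPT", "REJECT", "ALL"),
}


def lint_set_flow_log(action):
    """Return a list of problems found in one set-flow-log action mapping."""
    if action.get("type") != "set-flow-log":
        return ["type must be set-flow-log"]
    problems = []
    if not isinstance(action.get("state", True), bool):
        problems.append("state must be a boolean")
    attrs = action.get("attrs", {})
    for key, expected in TYPES.items():
        if key in attrs and not isinstance(attrs[key], expected):
            problems.append(f"{key} must be {expected.__name__}")
    for key, allowed in ENUMS.items():
        if key in attrs and attrs[key] not in allowed:
            problems.append(f"{key} must be one of {', '.join(allowed)}")
    # API default when LogDestinationType is omitted (assumption from API docs).
    dest = attrs.get("LogDestinationType", "cloud-watch-logs")
    if dest == "cloud-watch-logs":
        if "DeliverLogsPermissionArn" not in attrs:
            problems.append("cloud-watch-logs needs DeliverLogsPermissionArn")
        if "LogGroupName" not in attrs and "LogDestination" not in attrs:
            problems.append("cloud-watch-logs needs LogGroupName or LogDestination")
    elif dest == "s3":
        if "LogDestination" not in attrs:
            problems.append("s3 needs LogDestination (bucket ARN)")
        if "LogGroupName" in attrs:
            problems.append("LogGroupName is not valid with s3")
    if attrs.get("MaxAggregationInterval", 600) not in (60, 600):
        problems.append("MaxAggregationInterval must be 60 or 600")
    return problems


# Constructed sample: the action from the policy example on this page.
PAGE_EXAMPLE = {"type": "set-flow-log", "attrs": {
    "DeliverLogsPermissionArn": "arn:iam:role",
    "LogGroupName": "/custodian/vpc/flowlogs/"}}
print(lint_set_flow_log(PAGE_EXAMPLE))
```

Run it over each set-flow-log action in a policy file during CI so that a rejected attrs block fails review instead of failing at execution time.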