Class CfnFlowLog
A CloudFormation AWS::EC2::FlowLog
.
Inherited Members
Namespace: Amazon.CDK.AWS.EC2
Assembly: Amazon.CDK.AWS.EC2.dll
Syntax (csharp)
public class CfnFlowLog : CfnResource, IConstruct, IDependable, IInspectable
Syntax (vb)
Public Class CfnFlowLog
Inherits CfnResource
Implements IConstruct, IDependable, IInspectable
Remarks
Specifies a VPC flow log that captures IP traffic for a specified network interface, subnet, or VPC. To view the log data, use Amazon CloudWatch Logs (CloudWatch Logs) to help troubleshoot connection issues. For example, you can use a flow log to investigate why certain traffic isn't reaching an instance, which can help you diagnose overly restrictive security group rules. For more information, see VPC Flow Logs in the Amazon VPC User Guide .
CloudformationResource: AWS::EC2::FlowLog
Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.EC2;
var destinationOptions;
var cfnFlowLog = new CfnFlowLog(this, "MyCfnFlowLog", new CfnFlowLogProps {
ResourceId = "resourceId",
ResourceType = "resourceType",
// the properties below are optional
DeliverLogsPermissionArn = "deliverLogsPermissionArn",
DestinationOptions = destinationOptions,
LogDestination = "logDestination",
LogDestinationType = "logDestinationType",
LogFormat = "logFormat",
LogGroupName = "logGroupName",
MaxAggregationInterval = 123,
Tags = new [] { new CfnTag {
Key = "key",
Value = "value"
} },
TrafficType = "trafficType"
});
Synopsis
Constructors
CfnFlowLog(Construct, String, ICfnFlowLogProps) | Create a new |
CfnFlowLog(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
CfnFlowLog(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Properties
AttrId | The ID of the flow log. |
CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
CfnProperties | |
DeliverLogsPermissionArn | The ARN of the IAM role that allows Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account. |
DestinationOptions | The destination options. The following options are supported:. |
LogDestination | The destination for the flow log data. The meaning of this parameter depends on the destination type. |
LogDestinationType | The type of destination for the flow log data. |
LogFormat | The fields to include in the flow log record, in the order in which they should appear. |
LogGroupName | The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs. |
MaxAggregationInterval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. |
ResourceId | The ID of the resource to monitor. |
ResourceType | The type of resource to monitor. |
Tags | The tags to apply to the flow logs. |
TrafficType | The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic). |
Methods
Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
RenderProperties(IDictionary<String, Object>) |
Constructors
CfnFlowLog(Construct, String, ICfnFlowLogProps)
Create a new AWS::EC2::FlowLog
.
public CfnFlowLog(Construct scope, string id, ICfnFlowLogProps props)
Parameters
- scope Construct
- scope in which this resource is defined.
- id System.String
- scoped id of the resource.
- props ICfnFlowLogProps
- resource properties.
CfnFlowLog(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected CfnFlowLog(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
CfnFlowLog(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected CfnFlowLog(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Properties
AttrId
The ID of the flow log.
public virtual string AttrId { get; }
Property Value
System.String
Remarks
For example, fl-123456abc123abc1
.
CloudformationAttribute: Id
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }
Property Value
System.String
CfnProperties
protected override IDictionary<string, object> CfnProperties { get; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.Object>
Overrides
DeliverLogsPermissionArn
The ARN of the IAM role that allows Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.
public virtual string DeliverLogsPermissionArn { get; set; }
Property Value
System.String
Remarks
This parameter is required if the destination type is cloud-watch-logs
and unsupported otherwise.
DestinationOptions
The destination options. The following options are supported:.
public virtual object DestinationOptions { get; set; }
Property Value
System.Object
Remarks
LogDestination
The destination for the flow log data. The meaning of this parameter depends on the destination type.
public virtual string LogDestination { get; set; }
Property Value
System.String
Remarks
arn:aws:logs: region : account_id :log-group: my_group
Alternatively, use the LogGroupName
parameter.
arn:aws:s3::: my_bucket / my_subfolder /
The subfolder is optional. Note that you can't use AWSLogs
as a subfolder name.
arn:aws:firehose: region : account_id :deliverystream: my_stream
LogDestinationType
The type of destination for the flow log data.
public virtual string LogDestinationType { get; set; }
Property Value
System.String
Remarks
Default: cloud-watch-logs
LogFormat
The fields to include in the flow log record, in the order in which they should appear.
public virtual string LogFormat { get; set; }
Property Value
System.String
Remarks
If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must include at least one field. For more information about the available fields, see Flow log records in the Amazon VPC User Guide or Transit Gateway Flow Log records in the AWS Transit Gateway Guide .
Specify the fields using the ${field-id}
format, separated by spaces.
LogGroupName
The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.
public virtual string LogGroupName { get; set; }
Property Value
System.String
Remarks
This parameter is valid only if the destination type is cloud-watch-logs
.
MaxAggregationInterval
The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.
public virtual Nullable<double> MaxAggregationInterval { get; set; }
Property Value
System.Nullable<System.Double>
Remarks
The possible values are 60 seconds (1 minute) or 600 seconds (10 minutes). This parameter must be 60 seconds for transit gateway resource types.
When a network interface is attached to a Nitro-based instance , the aggregation interval is always 60 seconds or less, regardless of the value that you specify.
Default: 600
ResourceId
The ID of the resource to monitor.
public virtual string ResourceId { get; set; }
Property Value
System.String
Remarks
For example, if the resource type is VPC
, specify the ID of the VPC.
ResourceType
The type of resource to monitor.
public virtual string ResourceType { get; set; }
Property Value
System.String
Remarks
Tags
The tags to apply to the flow logs.
public virtual TagManager Tags { get; }
Property Value
Remarks
TrafficType
The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic).
public virtual string TrafficType { get; set; }
Property Value
System.String
Remarks
This parameter is not supported for transit gateway resource types. It is required for the other resource types.
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)
Parameters
- inspector TreeInspector
- tree inspector to collect and process attributes.
RenderProperties(IDictionary<String, Object>)
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)
Parameters
- props System.Collections.Generic.IDictionary<System.String, System.Object>
Returns
System.Collections.Generic.IDictionary<System.String, System.Object>