This module enables AWS VPC Flow Logs: network traffic logs captured at the VPC, subnet or ENI level.
The module should be invoked in the cloud-platform-network folder.
```hcl
module "flow_logs" {
  source = "github.com/ministryofjustice/cloud-platform-terraform-flow-logs?ref=1.2"

  # is_enabled   = true
  # Exactly one source for the flow log:
  # vpc_id       = "my-vpc"
  # OR subnet_id =
  # OR eni_id    =
  # traffic_type = "ALL"
}
```
Name | Description | Type | Default | Required |
---|---|---|---|---|
is_enabled | Whether to create the flow log | bool | false | no |
vpc_id | VPC ID as the source of the flow log | string | - | no |
subnet_id | Subnet ID as the source of the flow log | string | - | no |
eni_id | ENI ID as the source of the flow log | string | - | no |
traffic_type | Type of network traffic to be logged (ACCEPT, REJECT or ALL) | string | ALL | no |
Some of the inputs are tags. All infrastructure resources need to be tagged according to the MOJ technical guidance. The tags are stored as variables that you will need to fill out as part of your module.
Name | Description | Type | Default | Required |
---|---|---|---|---|
application | Name of the application | string | - | yes |
business-unit | Area of the MOJ responsible for the service | string | mojdigital | yes |
environment-name | Name of the environment | string | - | yes |
infrastructure-support | The team responsible for managing the infrastructure. Should be of the form team-email | string | - | yes |
is-production | Whether the resource is production | string | false | yes |
team_name | Name of the team | string | - | yes |
The module exposes the following outputs:

Name | Description |
---|---|
s3_bucket_arn | S3 bucket arn containing the flow_logs |
s3_bucket_id | S3 bucket id containing the flow_logs |
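To show what the records delivered to the bucket named by `s3_bucket_id` look like, and how the `traffic_type` values map onto them, here is an added example that is not part of this module: a small Python parser that assumes the default AWS flow log record format (version 2) and counts REJECT records per ENI over constructed sample lines.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Field order of the default VPC Flow Log record format (version 2).
# Assumption: the flow log uses this default format, not a custom one.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    dstport: Optional[int]
    protocol: Optional[int]
    action: str      # ACCEPT, REJECT or "-" (no data / skipped)
    log_status: str  # OK, NODATA or SKIPDATA

def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one record; return None for header lines or other formats."""
    parts = line.split()
    if len(parts) != len(FIELDS) or not parts[0].isdigit():
        return None
    rec = dict(zip(FIELDS, parts))
    num = lambda v: None if v == "-" else int(v)  # "-" means no value
    return FlowRecord(rec["interface_id"], rec["srcaddr"], rec["dstaddr"],
                      num(rec["dstport"]), num(rec["protocol"]),
                      rec["action"], rec["log_status"])

def rejected_by_eni(lines: Iterable[str]) -> Dict[str, int]:
    """Count REJECT records per ENI, ignoring NODATA/SKIPDATA records."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is not None and rec.log_status == "OK" and rec.action == "REJECT":
            counts[rec.interface_id] += 1
    return dict(counts)

# Constructed sample records (account ID, ENIs and addresses are made up).
SAMPLE = """version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 51000 443 6 12 3400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40231 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40232 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0f9e8d7c - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0f9e8d7c 10.0.2.9 10.0.1.5 52000 8080 6 2 120 1700000000 1700000060 REJECT OK"""

if __name__ == "__main__":
    print(rejected_by_eni(SAMPLE.splitlines()))
```

With `traffic_type = "REJECT"` only the REJECT records above would be delivered; with `ALL` the parser has to filter on the action field itself.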