File tree Expand file tree Collapse file tree 2 files changed +27
-4
lines changed Expand file tree Collapse file tree 2 files changed +27
-4
lines changed Original file line number Diff line number Diff line change @@ -10,7 +10,7 @@ resource "aws_apigatewayv2_stage" "main" {
1010 auto_deploy = true
1111
1212 access_log_settings {
13- destination_arn = . api_gateway_access_logs . arn
13+ destination_arn = . api_gateway_access_log . arn
1414 format = " $context.identity.sourceIp - [$context.requestTime] \" $context.routeKey $context.protocol\" $context.status $context.responseLength $context.requestId"
1515 }
1616
Original file line number Diff line number Diff line change @@ -4,11 +4,34 @@ resource "aws_api_gateway_account" "main" {
44}
55
66# tfsec:ignore:aws-cloudwatch-log-group-customer-key
7- resource "aws_cloudwatch_log_group" "api_gateway_access_logs " {
8- name = " /aws/apigateway/SOAT-TC_API_Gateway_Access_Logs "
7+ resource "aws_cloudwatch_log_group" "api_gateway_access_log " {
8+ name = " /aws/apigateway/SOAT-TC_API_Gateway_Access_Log "
99 retention_in_days = 30
1010
1111 tags =
12- Name : " SOAT-TC API Gateway Default Stage Access Logs"
12+ Name : " SOAT-TC API Gateway Default Stage Access Log Cloudwatch Log Group"
13+ }
14+ }
15+
16+ resource "aws_flow_log" "vpc" {
17+ iam_role_arn = . aws_iam_role . lab_role . arn
18+ log_destination = . vpc_flow_log . arn
19+ traffic_type = " ALL"
20+ vpc_id = . main . id
21+
22+ max_aggregation_interval = 60
23+
24+ tags =
25+ Name : " SOAT-TC VPC Flow Log"
26+ }
27+ }
28+
29+ # tfsec:ignore:aws-cloudwatch-log-group-customer-key
30+ resource "aws_cloudwatch_log_group" "vpc_flow_log" {
31+ name = " /aws/apigateway/SOAT-TC_VPC_Flow_Logs"
32+ retention_in_days = 30
33+
34+ tags =
35+ Name : " SOAT-TC VPC Flow Log Cloudwatch Log Group"
1336 }
1437}
You can’t perform that action at this time.
0 commit comments