AWS Fundamentals Logo
AWS Fundamentals
AWS::EC2::FlowLog

EC2 FlowLog

Specifies a VPC flow log, which enables you to capture IP traffic for a specific network interface, subnet, or VPC.

Properties

12 configurable properties. 2 required. Click a row to see details.

Filter:
PropertyTypeFlags
ResourceId
string
RequiredCreate-only
ResourceType
string
RequiredCreate-only
DeliverCrossAccountRole
string
Create-only
DeliverLogsPermissionArn
string
Create-only
DestinationOptions
object
Create-only
LogDestination
string
Create-only
LogDestinationType
string
Create-only
LogFormat
string
Create-only
LogGroupName
string
Create-only
MaxAggregationInterval
integer
Create-only
Tags
Array<Tag>
TrafficType
string
Create-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

AttributeTypeDescription
IdstringThe Flow Log ID

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::EC2::FlowLog

Resources:
  MyResource:
    Type: AWS::EC2::FlowLog
    Properties:
      ResourceType: "NetworkInterface"
      ResourceId: "my-resourceid"
      Tags:
        - Key: Environment
          Value: Production

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

ec2:CreateFlowLogsec2:DescribeFlowLogsec2:CreateTagsiam:PassRolelogs:CreateLogDeliverys3:GetBucketPolicys3:PutBucketPolicy

read

ec2:DescribeFlowLogs

update

ec2:CreateTagsec2:DeleteTagsec2:DescribeFlowLogs

delete

ec2:DeleteFlowLogsec2:DescribeFlowLogslogs:DeleteLogDelivery

list

ec2:DescribeFlowLogs

Get the EC2 Cheat Sheet

Everything you need to know about EC2 on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceEC2
Properties13
Required2
TaggingSupported
Primary IDId

Supported Operations

CreateReadUpdateDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

DeliverCrossAccountRoleDeliverLogsPermissionArnLogGroupNameLogDestinationResourceIdTrafficTypeLogDestinationTypeResourceTypeLogFormatMaxAggregationIntervalDestinationOptions

Related Resources

External Links