From efa7d8c62ab74f9f64763eb24713ad1b03040bc4 Mon Sep 17 00:00:00 2001
From: bhoff
Date: Thu, 19 Dec 2024 15:06:18 -0800
Subject: [PATCH] IT-2314 add flow logging
---
 common/vpc_stack.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/common/vpc_stack.py b/common/vpc_stack.py
index 78b8af8..74c1830 100644
--- a/common/vpc_stack.py
+++ b/common/vpc_stack.py
@@ -2,11 +2,13 @@
 from aws_cdk import (Stack,
 aws_ec2 as ec2,
+ aws_s3 as s3,
 Tags)
 from constructs import Construct
 VPC_CIDR_CONTEXT= "VPC_CIDR"
+FLOW_LOGS_BUCKET="sagebase-vpc-flow-logs-bucket-bucket-5lvxjv2gp37h"
 class VpcStack(Stack):
@@ -18,6 +20,10 @@ def __init__(self, scope: Construct, context: str, env: dict, **kwargs) -> None:
 cidr=env.get(VPC_CIDR_CONTEXT),
 max_azs=2)
+ bucket_arn=f"arn:aws:s3:::{FLOW_LOGS_BUCKET}"
+ bucket=s3.Bucket.from_bucket_attributes(self, id=FLOW_LOGS_BUCKET, bucket_arn=bucket_arn)
+ self.vpc.add_flow_log(f"{stack_id}-FlowLogS3",destination=ec2.FlowLogDestination.to_s3(bucket=bucket))
+
 # Tag all resources in this Stack's scope with context tags
 for key, value in env.get(config.TAGS_CONTEXT).items():
 Tags.of(scope).add(key, value)
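Review bot: `FLOW_LOGS_BUCKET` is a module-level literal, while the other per-deployment values in this file (`VPC_CIDR_CONTEXT`, `config.TAGS_CONTEXT`) are read from the `env` context, so every environment that synthesizes this stack would point at the same bucket. Consider following the existing pattern with `FLOW_LOGS_BUCKET_CONTEXT = "FLOW_LOGS_BUCKET"` and `env.get(FLOW_LOGS_BUCKET_CONTEXT)`. If the constant stays, it needs a comment saying where the bucket is created and who owns it, for example `# Flow-log bucket created outside this app; see <owning stack/account>`, because the name looks generated and nothing in the file explains it.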
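Review bot: The bucket given to `ec2.FlowLogDestination.to_s3` in `__init__` is only imported via `from_bucket_attributes`, so this stack neither creates it nor shows that its bucket policy permits flow-log delivery; if that policy is missing or the bucket is in another account, the flow log can deploy and still deliver nothing. A comment above the three added lines should state that prerequisite, e.g. `# Bucket is managed elsewhere; its policy must allow VPC flow log delivery from this account`. I would also make the capture scope explicit with `traffic_type=ec2.FlowLogTrafficType.ALL` on `add_flow_log` rather than relying on the default, since these logs are likely to be read during investigations. The body of `__init__` starts above the hunk, so how `stack_id` is defined is not visible here.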