
@aws-cdk/aws-ec2


The CDK Construct Library for AWS::EC2

import * as iam from '@aws-cdk/aws-iam';
import * as logs from '@aws-cdk/aws-logs';
import * as s3 from '@aws-cdk/aws-s3';
import { IResource, Resource } from '@aws-cdk/core';
import { Construct } from 'constructs';
import { ISubnet, IVpc } from './vpc';
import { Construct as CoreConstruct } from '@aws-cdk/core';
/**
 * A VPC Flow Log, as seen by code that only needs to reference it.
 *
 * Beyond the members inherited from IResource, the only thing this interface
 * exposes is the flow log's Id.
 */
export interface IFlowLog extends IResource {
    /**
     * The Id of the VPC Flow Log
     *
     * @attribute
     */
    readonly flowLogId: string;
}
/**
 * The type of VPC traffic to log.
 *
 * ACCEPT and REJECT each record only one class of traffic, so the other class
 * is absent from the resulting logs; ALL records both. FlowLogOptions
 * documents ALL as the default.
 */
export declare enum FlowLogTrafficType {
    /**
     * Only log accepts (rejected traffic is not recorded)
     */
    ACCEPT = "ACCEPT",
    /**
     * Log all requests
     */
    ALL = "ALL",
    /**
     * Only log rejects (accepted traffic is not recorded)
     */
    REJECT = "REJECT"
}
/**
 * The available destination types for Flow Logs
 */
export declare enum FlowLogDestinationType {
    /**
     * Send flow logs to CloudWatch Logs Group
     */
    CLOUD_WATCH_LOGS = "cloud-watch-logs",
    /**
     * Send flow logs to S3 Bucket
     */
    S3 = "s3"
}
/**
 * The type of resource to create the flow log for.
 *
 * Instances are obtained through the static factories; each one carries the
 * resource type and the Id of the resource to attach to.
 */
export declare abstract class FlowLogResourceType {
    /**
     * The subnet to attach the Flow Log to
     */
    static fromSubnet(subnet: ISubnet): FlowLogResourceType;
    /**
     * The VPC to attach the Flow Log to
     */
    static fromVpc(vpc: IVpc): FlowLogResourceType;
    /**
     * The Network Interface to attach the Flow Log to.
     *
     * Unlike fromSubnet and fromVpc, this takes a plain string rather than a
     * construct, so the type checker cannot confirm that the Id refers to an
     * existing network interface.
     */
    static fromNetworkInterfaceId(id: string): FlowLogResourceType;
    /**
     * The type of resource to attach a flow log to.
     */
    abstract resourceType: string;
    /**
     * The Id of the resource that the flow log should be attached to.
     */
    abstract resourceId: string;
}
/**
 * The destination for the flow log.
 *
 * Instances are obtained through the static factories and are turned into a
 * FlowLogDestinationConfig by bind().
 */
export declare abstract class FlowLogDestination {
    /**
     * Use CloudWatch logs as the destination.
     *
     * Both arguments are optional. FlowLogDestinationConfig documents that a
     * default log group and a default IAM role are created when they are not
     * supplied.
     *
     * NOTE(review): the permissions of that default role and the retention of
     * that default log group are not visible in this declaration file; confirm
     * them in the implementation, or pass both explicitly.
     */
    static toCloudWatchLogs(logGroup?: logs.ILogGroup, iamRole?: iam.IRole): FlowLogDestination;
    /**
     * Use S3 as the destination.
     *
     * Both arguments are optional.
     *
     * NOTE(review): this declaration file does not show which bucket receives
     * the logs when `bucket` is omitted, nor how such a bucket would be
     * configured (encryption, access, lifecycle); confirm in the
     * implementation, or pass an explicitly configured bucket.
     */
    static toS3(bucket?: s3.IBucket, keyPrefix?: string): FlowLogDestination;
    /**
     * Generates a flow log destination configuration
     */
    abstract bind(scope: CoreConstruct, flowLog: FlowLog): FlowLogDestinationConfig;
}
/**
 * Flow Log Destination configuration, as produced by FlowLogDestination.bind().
 */
export interface FlowLogDestinationConfig {
    /**
     * The type of destination to publish the flow logs to.
     *
     * This property is declared as required here, so an object of this type
     * always states its destination type; the default below is carried over
     * from the original documentation.
     *
     * @default - CLOUD_WATCH_LOGS
     */
    readonly logDestinationType: FlowLogDestinationType;
    /**
     * The IAM Role that has access to publish to CloudWatch logs
     *
     * @default - default IAM role is created for you
     */
    readonly iamRole?: iam.IRole;
    /**
     * The CloudWatch Logs Log Group to publish the flow logs to
     *
     * @default - default log group is created for you
     */
    readonly logGroup?: logs.ILogGroup;
    /**
     * S3 bucket to publish the flow logs to
     *
     * @default - undefined
     */
    readonly s3Bucket?: s3.IBucket;
    /**
     * S3 bucket key prefix to publish the flow logs to
     *
     * @default - undefined
     */
    readonly keyPrefix?: string;
}
/**
 * Options to add a flow log to a VPC
 */
export interface FlowLogOptions {
    /**
     * The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.
     *
     * @default ALL
     */
    readonly trafficType?: FlowLogTrafficType;
    /**
     * Specifies the type of destination to which the flow log data is to be published.
     * Flow log data can be published to CloudWatch Logs or Amazon S3
     *
     * @default FlowLogDestination.toCloudWatchLogs()
     */
    readonly destination?: FlowLogDestination;
}
/**
 * Properties of a VPC Flow Log
 */
export interface FlowLogProps extends FlowLogOptions {
    /**
     * The name of the FlowLog
     *
     * It is not recommended to use an explicit name.
     *
     * @default If you don't specify a flowLogName, AWS CloudFormation generates a
     * unique physical ID and uses that ID as the flow log's name.
     */
    readonly flowLogName?: string;
    /**
     * The type of resource for which to create the flow log
     */
    readonly resourceType: FlowLogResourceType;
}
/**
 * The base class for a Flow Log.
 *
 * Not exported from this module; it ties Resource to the IFlowLog contract.
 */
declare abstract class FlowLogBase extends Resource implements IFlowLog {
    /**
     * The Id of the VPC Flow Log
     *
     * @attribute
     */
    abstract readonly flowLogId: string;
}
/**
 * A VPC flow log.
 * @resource AWS::EC2::FlowLog
 */
export declare class FlowLog extends FlowLogBase {
    /**
     * Import a Flow Log by its Id.
     *
     * The result is typed as IFlowLog, so the bucket, key prefix, IAM role and
     * log group properties of FlowLog are not available on an imported flow log.
     */
    static fromFlowLogId(scope: Construct, id: string, flowLogId: string): IFlowLog;
    /**
     * The Id of the VPC Flow Log
     *
     * @attribute
     */
    readonly flowLogId: string;
    /**
     * The S3 bucket to publish flow logs to
     */
    readonly bucket?: s3.IBucket;
    /**
     * S3 bucket key prefix to publish the flow logs under
     */
    readonly keyPrefix?: string;
    /**
     * The IAM role used to publish logs to CloudWatch
     */
    readonly iamRole?: iam.IRole;
    /**
     * The CloudWatch Logs LogGroup to publish flow logs to
     */
    readonly logGroup?: logs.ILogGroup;
    /**
     * Creates the flow log described by `props` under `scope`.
     *
     * `props.resourceType` is the only required property; traffic type,
     * destination and name fall back to the defaults documented on
     * FlowLogOptions and FlowLogProps.
     */
    constructor(scope: Construct, id: string, props: FlowLogProps);
}
export {};