# For now, we've left the default ("standard") VPC in place, but it still needs to be CIS-compliant:
# the data source below finds it and the flow log resource below covers it.
# If we change our minds, this would be a good place to delete the default VPC instead - an unused
# default VPC is attack surface that does not need to exist.
data "aws_vpcs" "foo" {
  # Look up every VPC in this account/region that AWS marks as the default VPC
  # (normally exactly one, or none if it has been deleted). The `values` list is
  # a list of strings, so the boolean `true` the original used is the same as "true".
  filter {
    name   = "isDefault"
    values = ["true"]
  }
}
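resource "aws_flow_log" "flowlogs" {
  # Note: Flow log configuration is "special" here. For a generic version you can copy to your own module,
  # see the example in standard_vpc
  #
  # `data.aws_vpcs.foo.ids` is a list; for_each only accepts a set of strings or
  # a map, so wrap it in toset(). When the default VPC has been deleted the set
  # is empty and this resource simply creates nothing.
  for_each = toset(data.aws_vpcs.foo.ids)

  vpc_id          = each.value
  iam_role_arn    = aws_iam_role.flowlogs.arn
  log_destination = aws_cloudwatch_log_group.vpc_flow_logs.arn
  # This is the provider default; stated explicitly so the destination type is
  # obvious when reading the plan.
  log_destination_type = "cloud-watch-logs"

  # CIS only requires REJECT, and "ALL" is expensive. Be aware of the trade-off:
  # REJECT-only logs record blocked connection attempts but leave no trace of
  # traffic that was allowed, which is exactly what an investigation into
  # lateral movement or data exfiltration from a compromised host needs.
  # Switch to "ALL" (or add a second flow log) if the default VPC ever carries
  # real workloads.
  traffic_type = "REJECT"
}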