ec2

package
v0.0.44
Published: Jan 30, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

README

Vibe-io CDK-Extensions EC2 Construct Library

The @cdk-extensions/ec2 package contains advanced constructs and patterns for setting up networking and instances. The constructs presented here are intended as drop-in replacements for the equivalent constructs in the AWS CDK EC2 module, with additional features included.

AWS CDK EC2 API Reference

To import and use this module within your CDK project:

import * as ec2 from 'cdk-extensions/ec2';

VPC Flow Logs

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs and Amazon S3. After you've created a flow log, you can retrieve and view its data in the chosen destination.

See the AWS VPC Flow Logs User Guide and the AWS VPC Flow Logs CloudFormation documentation.

For this construct, an S3 bucket is created as the flow log destination by default. The construct also creates a Glue table whose schema matches the configured FlowLogFormat, along with prepared Athena queries, so the delivered records can be queried without writing the table definition by hand.

Usage

You can create a flow log like this:

new ec2.FlowLog(this, 'FlowLog', {
  resourceType: ec2.FlowLogResourceType.fromVpc(myVpc)
})

You can also add multiple flow logs with different destinations. The CloudWatch Logs destination takes the log group to write to and the IAM role that the flow logs service assumes in order to publish to it:

const bucket = new s3.Bucket(this, 'MyCustomBucket');
const logGroup = new logs.LogGroup(this, 'FlowLogGroup');
const role = new iam.Role(this, 'FlowLogRole', {
  assumedBy: new iam.ServicePrincipal('vpc-flow-logs.amazonaws.com'),
});

new ec2.FlowLog(this, 'FlowLog', {
  resourceType: ec2.FlowLogResourceType.fromVpc(myVpc),
  destination: ec2.FlowLogDestination.toS3(bucket),
});

// Only rejected traffic, aggregated at most every minute, to CloudWatch Logs.
new ec2.FlowLog(this, 'FlowLogCloudWatch', {
  resourceType: ec2.FlowLogResourceType.fromVpc(myVpc),
  destination: ec2.FlowLogDestination.toCloudWatchLogs(logGroup, role),
  trafficType: ec2.FlowLogTrafficType.REJECT,
  maxAggregationInterval: ec2.FlowLogAggregationInterval.ONE_MINUTE,
});

Additional Features

The main advantage this module has over the official AWS CDK module is that you can specify the log format at the time of FlowLog creation, like this:

new ec2.FlowLog(this, 'FlowLog', {
  resourceType: ec2.FlowLogResourceType.fromVpc(myVpc),
  format: ec2.FlowLogFormat.V3,
});

Several formats are included in the module, and each one defines the fields included in the flow log records. They behave like log levels (Info, Debug, etc.): each successive version includes everything in the previous one plus more detail, such as the VPC resources involved, the region and AZ, or the AWS service on the other end of the flow.

The formats and descriptions are as follows:

  • ec2.FlowLogFormat.V2: The default format if none is specified. Includes common basic details like log status, account ID, source and destination.
  • ec2.FlowLogFormat.V3: Includes all fields from V2, as well as information on the specific AWS resources associated with the traffic like Vpc, subnet and instance IDs.
  • ec2.FlowLogFormat.V4: Includes all fields from V3, as well as information about the region and AZ associated with the traffic.
  • ec2.FlowLogFormat.V5: Includes all fields from V4, as well as information that provides visibility on packet routing.
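
The version presets above correspond to the field names AWS documents for flow logs, and the same ordered field list is what a consumer needs when reading the records back. The following Go program is an added example and not code from the cdk-extensions project: its Format type stands in for the package's FlowLogFormat (the FlowLogFormat_V2..V5 constructors and Template() method in the API reference below are the real thing), the field names are the ones AWS documents for each version, and the sample records are constructed for this example. It renders each preset's template string, parses records with the matching format, rejects lines whose field count disagrees with the format (the symptom you get when a table's schema and the flow log's format drift apart), skips NODATA/SKIPDATA records, and lists sources whose traffic was rejected on several distinct destination ports.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Format models a record layout the way the FlowLogFormat presets do: an
// ordered list of field names that renders into the "${field} ..." string
// AWS expects as a custom log format. (Example type, not the package's own.)
type Format struct{ Fields []string }

// extend copies base and appends more, so presets never share a backing array.
func extend(base []string, more ...string) Format {
	return Format{Fields: append(append([]string{}, base...), more...)}
}

// AWS's documented flow log field names, grouped by the version that introduced them.
var (
	FormatV2 = extend(nil, "version", "account-id", "interface-id", "srcaddr", "dstaddr",
		"srcport", "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log-status")
	FormatV3 = extend(FormatV2.Fields, "vpc-id", "subnet-id", "instance-id", "tcp-flags",
		"type", "pkt-srcaddr", "pkt-dstaddr")
	FormatV4 = extend(FormatV3.Fields, "region", "az-id", "sublocation-type", "sublocation-id")
	FormatV5 = extend(FormatV4.Fields, "pkt-src-aws-service", "pkt-dst-aws-service",
		"flow-direction", "traffic-path")
)

// Template renders the format string that would be passed as the LogFormat property.
func (f Format) Template() string {
	parts := make([]string, len(f.Fields))
	for i, name := range f.Fields {
		parts[i] = "${" + name + "}"
	}
	return strings.Join(parts, " ")
}

// Record is one parsed flow log line, keyed by field name.
type Record map[string]string

// Parse splits a space-delimited record according to the format. A field
// count mismatch means the reader's format is not the one the flow log was
// created with; a Glue table with the wrong schema would misread such rows.
func (f Format) Parse(line string) (Record, error) {
	cols := strings.Fields(line)
	if len(cols) != len(f.Fields) {
		return nil, fmt.Errorf("expected %d fields, got %d", len(f.Fields), len(cols))
	}
	rec := make(Record, len(cols))
	for i, name := range f.Fields {
		rec[name] = cols[i]
	}
	return rec, nil
}

// Report summarises a batch of records for a simple rejected-traffic check.
type Report struct {
	RejectedPorts                map[string]map[string]bool // srcaddr -> set of REJECTed dstports
	Accepted, Skipped, Malformed int
}

// Analyze parses every line with f, skips records whose log-status is not OK
// (NODATA/SKIPDATA rows carry '-' in the traffic fields), and collects the
// destination ports each source address was rejected on.
func Analyze(f Format, lines []string) Report {
	r := Report{RejectedPorts: map[string]map[string]bool{}}
	for _, line := range lines {
		rec, err := f.Parse(line)
		switch {
		case err != nil:
			r.Malformed++
		case rec["log-status"] != "OK":
			r.Skipped++
		case rec["action"] == "ACCEPT":
			r.Accepted++
		case rec["action"] == "REJECT":
			src := rec["srcaddr"]
			if r.RejectedPorts[src] == nil {
				r.RejectedPorts[src] = map[string]bool{}
			}
			r.RejectedPorts[src][rec["dstport"]] = true
		}
	}
	return r
}

// Suspects lists sources rejected on at least minPorts distinct destination
// ports: a crude but useful port-scan indicator over flow log data.
func (r Report) Suspects(minPorts int) []string {
	var out []string
	for src, ports := range r.RejectedPorts {
		if len(ports) >= minPorts {
			out = append(out, src)
		}
	}
	sort.Strings(out)
	return out
}

// SampleV3Lines are constructed V3-format records (21 fields each), not real data.
var SampleV3Lines = []string{
	// 203.0.113.10 probes SSH, RDP and SMB on one host and is rejected each time.
	"3 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 41234 22 6 4 240 1672531200 1672531260 REJECT OK vpc-0abc1234 subnet-0def5678 i-0123456789abcdef0 2 IPv4 203.0.113.10 10.0.1.25",
	"3 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 41235 3389 6 4 240 1672531200 1672531260 REJECT OK vpc-0abc1234 subnet-0def5678 i-0123456789abcdef0 2 IPv4 203.0.113.10 10.0.1.25",
	"3 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 41236 445 6 4 240 1672531200 1672531260 REJECT OK vpc-0abc1234 subnet-0def5678 i-0123456789abcdef0 2 IPv4 203.0.113.10 10.0.1.25",
	"3 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 41237 22 6 4 240 1672531260 1672531320 REJECT OK vpc-0abc1234 subnet-0def5678 i-0123456789abcdef0 2 IPv4 203.0.113.10 10.0.1.25",
	// An ordinary accepted flow from the instance to another subnet.
	"3 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.2.40 50123 443 6 12 3400 1672531200 1672531260 ACCEPT OK vpc-0abc1234 subnet-0def5678 i-0123456789abcdef0 19 IPv4 10.0.1.25 10.0.2.40",
	// NODATA: nothing flowed in the interval, so the traffic fields are '-'.
	"3 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1672531200 1672531260 - NODATA - - - - - - -",
	// A V2 record (14 fields) that landed in a V3 table: the field count does not match.
	"2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 53000 22 6 1 60 1672531200 1672531260 REJECT OK",
}
```

Running Analyze(FormatV3, SampleV3Lines) yields one accepted record, one skipped NODATA record, one malformed V2 line, and a single suspect, 203.0.113.10, rejected on three distinct ports (22, 3389 and 445). Keeping the reader's field list in lock-step with the FlowLogFormat used at creation is the point: the malformed counter is the first thing to check when a query over the Glue table returns fewer rows than the flow log delivered.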

Caveats

With the official AWS CDK VPC construct, you can normally add a Flow Log to a VPC by using the addFlowLog() method like this:

const vpc = new ec2.Vpc(this, 'Vpc');

vpc.addFlowLog('FlowLog');

However, this will not include the additional FlowLogFormat functionality provided by the FlowLog construct in this module.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FlowLog_IsConstruct

func FlowLog_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func FlowLog_IsOwnedResource

func FlowLog_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func FlowLog_IsResource

func FlowLog_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func NewFlowLogDestination_Override

func NewFlowLogDestination_Override(f FlowLogDestination)

func NewFlowLogField_Override

func NewFlowLogField_Override(f FlowLogField, name *string, type_ FlowLogDataType)

Creates a new instance of the FlowLogField class.

func NewFlowLogFormat_Override

func NewFlowLogFormat_Override(f FlowLogFormat, fields ...FlowLogField)

Creates a new instance of the FlowLogFormat class.

func NewFlowLog_Override

func NewFlowLog_Override(f FlowLog, scope constructs.IConstruct, id *string, props *FlowLogProps)

Creates a new instance of the FlowLog class.

Types

type FlowLog

type FlowLog interface {
	awscdk.Resource
	awsec2.IFlowLog
	// The location where flow logs should be delivered.
	// See: [FlowLog LogDestinationType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-logdestinationtype)
	//
	Destination() FlowLogDestination
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The Amazon Resource Name (ARN) of the flow log.
	FlowLogArn() *string
	// The ID of the flow log.
	FlowLogId() *string
	// The fields to include in the flow log record, in the order in which they should appear.
	//
	// For a list of available fields, see {@link FlowLogField}.
	// See: [FlowLog LogFormat](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-logformat)
	//
	Format() FlowLogFormat
	// The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.
	// See: [FlowLog MaxAggregationInterval](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-maxaggregationinterval)
	//
	MaxAggregationInterval() FlowLogAggregationInterval
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// The underlying FlowLog CloudFormation resource.
	// See: [AWS::EC2::FlowLog](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html)
	//
	Resource() awsec2.CfnFlowLog
	// Details for the resource from which flow logs will be captured.
	// See: [FlowLog ResourceType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-resourcetype)
	//
	ResourceType() awsec2.FlowLogResourceType
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic).
	// See: [FlowLog TrafficType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-traffictype)
	//
	TrafficType() awsec2.FlowLogTrafficType
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

func NewFlowLog

func NewFlowLog(scope constructs.IConstruct, id *string, props *FlowLogProps) FlowLog

Creates a new instance of the FlowLog class.

type FlowLogAggregationInterval

type FlowLogAggregationInterval string
const (
	// Flow logs will be written at least every 60 seconds.
	FlowLogAggregationInterval_ONE_MINUTE FlowLogAggregationInterval = "ONE_MINUTE"
	// Flow logs will be written at least every ten minutes.
	FlowLogAggregationInterval_TEN_MINUTES FlowLogAggregationInterval = "TEN_MINUTES"
)

type FlowLogDataType

type FlowLogDataType string
const (
	// 32 bit signed int.
	FlowLogDataType_INT_32 FlowLogDataType = "INT_32"
	// 64 bit signed int.
	FlowLogDataType_INT_64 FlowLogDataType = "INT_64"
	// UTF-8 encoded character string.
	FlowLogDataType_STRING FlowLogDataType = "STRING"
)

type FlowLogDestination

type FlowLogDestination interface {
	ILogDestination
	// Returns a configuration object with all the fields and resources needed to configure a flow log to write to the destination.
	Bind(scope constructs.IConstruct) *FlowLogDestinationConfig
}

Represents a resource that can act as a delivery endpoint for captured flow logs.

func FlowLogDestination_ToCloudWatchLogs

func FlowLogDestination_ToCloudWatchLogs(logGroup awslogs.ILogGroup, role awsiam.IRole) FlowLogDestination

Represents a CloudWatch log group that will serve as the endpoint where flow logs should be delivered.

Returns: A configuration object containing details on how to set up logging to the log group. See: [Publish flow logs to CloudWatch Logs](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-cwl.html)

func FlowLogDestination_ToS3

func FlowLogDestination_ToS3(bucket awss3.IBucket, options *FlowLogS3Options) FlowLogDestination

Represents an S3 bucket that will serve as the endpoint where flow logs should be delivered.

Returns: A configuration object containing details on how to set up logging to the bucket. See: [Publish flow logs to Amazon S3](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-s3.html)

type FlowLogDestinationConfig

type FlowLogDestinationConfig struct {
	// The type of destination for the flow log data.
	// See: [FlowLog LogDestinationType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-logdestinationtype)
	//
	DestinationType awsec2.FlowLogDestinationType `field:"required" json:"destinationType" yaml:"destinationType"`
	// An S3 bucket where logs should be delivered.
	// See: [FlowLog LogDestination](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-logdestination)
	//
	Bucket awss3.IBucket `field:"optional" json:"bucket" yaml:"bucket"`
	// Additional options that control the format and behavior of logs delivered to the destination.
	DestinationOptions *map[string]interface{} `field:"optional" json:"destinationOptions" yaml:"destinationOptions"`
	// A CloudWatch LogGroup where logs should be delivered.
	// See: [FlowLog LogDestination](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-logdestination)
	//
	LogGroup awslogs.ILogGroup `field:"optional" json:"logGroup" yaml:"logGroup"`
	// The ARN of the IAM role that allows Amazon EC2 to publish flow logs in your account.
	// See: [FlowLog DeliverLogsPermissionArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-deliverlogspermissionarn)
	//
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
	// An Amazon Resource Name (ARN) for the S3 destination where log files are to be delivered.
	//
	// If a custom prefix is being added the ARN should reflect that prefix.
	// See: [FlowLog LogDestination](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-logdestination)
	//
	S3Path *string `field:"optional" json:"s3Path" yaml:"s3Path"`
}

A configuration object providing the details necessary to set up log delivery to a given destination.

type FlowLogField

type FlowLogField interface {
	// The name of the Flow Log field, as it should be used when building a format string.
	Name() *string
	// The data type of the field as it would appear in Parquet.
	//
	// For information on the type of each field, see the documentation on the
	// [available fields](https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-logs-fields).
	Type() FlowLogDataType
}

func FlowLogField_ACCOUNT_ID

func FlowLogField_ACCOUNT_ID() FlowLogField

func FlowLogField_ACTION

func FlowLogField_ACTION() FlowLogField

func FlowLogField_AZ_ID

func FlowLogField_AZ_ID() FlowLogField

func FlowLogField_BYTES

func FlowLogField_BYTES() FlowLogField

func FlowLogField_DSTADDR

func FlowLogField_DSTADDR() FlowLogField

func FlowLogField_DSTPORT

func FlowLogField_DSTPORT() FlowLogField

func FlowLogField_END

func FlowLogField_END() FlowLogField

func FlowLogField_FLOW_DIRECTION

func FlowLogField_FLOW_DIRECTION() FlowLogField

func FlowLogField_INSTANCE_ID

func FlowLogField_INSTANCE_ID() FlowLogField

func FlowLogField_INTERFACE_ID

func FlowLogField_INTERFACE_ID() FlowLogField

func FlowLogField_LOG_STATUS

func FlowLogField_LOG_STATUS() FlowLogField

func FlowLogField_PACKETS

func FlowLogField_PACKETS() FlowLogField

func FlowLogField_PKT_DSTADDR

func FlowLogField_PKT_DSTADDR() FlowLogField

func FlowLogField_PKT_DST_AWS_SERVICE

func FlowLogField_PKT_DST_AWS_SERVICE() FlowLogField

func FlowLogField_PKT_SRCADDR

func FlowLogField_PKT_SRCADDR() FlowLogField

func FlowLogField_PKT_SRC_AWS_SERVICE

func FlowLogField_PKT_SRC_AWS_SERVICE() FlowLogField

func FlowLogField_PROTOCOL

func FlowLogField_PROTOCOL() FlowLogField

func FlowLogField_REGION

func FlowLogField_REGION() FlowLogField

func FlowLogField_SRCADDR

func FlowLogField_SRCADDR() FlowLogField

func FlowLogField_SRCPORT

func FlowLogField_SRCPORT() FlowLogField

func FlowLogField_START

func FlowLogField_START() FlowLogField

func FlowLogField_SUBLOCATION_ID

func FlowLogField_SUBLOCATION_ID() FlowLogField

func FlowLogField_SUBLOCATION_TYPE

func FlowLogField_SUBLOCATION_TYPE() FlowLogField

func FlowLogField_SUBNET_ID

func FlowLogField_SUBNET_ID() FlowLogField

func FlowLogField_TCP_FLAGS

func FlowLogField_TCP_FLAGS() FlowLogField

func FlowLogField_TRAFFIC_PATH

func FlowLogField_TRAFFIC_PATH() FlowLogField

func FlowLogField_TYPE

func FlowLogField_TYPE() FlowLogField

func FlowLogField_VERSION

func FlowLogField_VERSION() FlowLogField

func FlowLogField_VPC_ID

func FlowLogField_VPC_ID() FlowLogField

func NewFlowLogField

func NewFlowLogField(name *string, type_ FlowLogDataType) FlowLogField

Creates a new instance of the FlowLogField class.

type FlowLogFileFormat

type FlowLogFileFormat string

The file format options for flow log files delivered to S3. See: [Flow log files](https://docs.aws.amazon.com/vpc/latest/tgw/flow-logs-s3.html#flow-logs-s3-path)

const (
	// Apache Parquet is a columnar data format.
	//
	// Queries on data in Parquet
	// format are 10 to 100 times faster compared to queries on data in plain
	// text. Data in Parquet format with Gzip compression takes 20 percent less
	// storage space than plain text with Gzip compression.
	FlowLogFileFormat_PARQUET FlowLogFileFormat = "PARQUET"
	// Plain text.
	//
	// This is the default format.
	FlowLogFileFormat_PLAIN_TEXT FlowLogFileFormat = "PLAIN_TEXT"
)

type FlowLogFormat

type FlowLogFormat interface {
	// The fields that make up the flow log format, in the order that they should appear in the log entries.
	Fields() *[]FlowLogField
	// The rendered format string in the format expected by AWS when creating a new Flow Log.
	Template() *string
	// Adds a new field to the flow log output.
	//
	// New fields are added at the
	// end of a log entry after all the other fields that came before it.
	AddField(field FlowLogField)
}

func FlowLogFormat_V2

func FlowLogFormat_V2() FlowLogFormat

func FlowLogFormat_V3

func FlowLogFormat_V3() FlowLogFormat

func FlowLogFormat_V4

func FlowLogFormat_V4() FlowLogFormat

func FlowLogFormat_V5

func FlowLogFormat_V5() FlowLogFormat

func NewFlowLogFormat

func NewFlowLogFormat(fields ...FlowLogField) FlowLogFormat

Creates a new instance of the FlowLogFormat class.

type FlowLogProps

type FlowLogProps struct {
	// The AWS account ID this resource belongs to.
	Account *string `field:"optional" json:"account" yaml:"account"`
	// ARN to deduce region and account from.
	//
	// The ARN is parsed and the account and region are taken from the ARN.
	// This should be used for imported resources.
	//
	// Cannot be supplied together with either `account` or `region`.
	EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
	// The value passed in by users to the physical name prop of the resource.
	//
	// - `undefined` implies that a physical name will be allocated by
	//    CloudFormation during deployment.
	// - a concrete value implies a specific physical name
	// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
	//    by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
	PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
	// The AWS region this resource belongs to.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// Details for the resource from which flow logs will be captured.
	// See: [FlowLog ResourceType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-resourcetype)
	//
	ResourceType awsec2.FlowLogResourceType `field:"required" json:"resourceType" yaml:"resourceType"`
	// The location where flow logs should be delivered.
	// See: [FlowLog LogDestinationType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-logdestinationtype)
	//
	Destination FlowLogDestination `field:"optional" json:"destination" yaml:"destination"`
	// The fields to include in the flow log record, in the order in which they should appear.
	//
	// For a list of available fields, see {@link FlowLogField}.
	// See: [FlowLog LogFormat](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-logformat)
	//
	Format FlowLogFormat `field:"optional" json:"format" yaml:"format"`
	// The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record.
	// See: [FlowLog MaxAggregationInterval](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-maxaggregationinterval)
	//
	MaxAggregationInterval FlowLogAggregationInterval `field:"optional" json:"maxAggregationInterval" yaml:"maxAggregationInterval"`
	// The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic).
	// See: [FlowLog TrafficType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-traffictype)
	//
	TrafficType awsec2.FlowLogTrafficType `field:"optional" json:"trafficType" yaml:"trafficType"`
}

Configuration for the FlowLog class.

type FlowLogS3Options

type FlowLogS3Options struct {
	// The file format in which flow logs should be delivered to S3.
	// See: [Flow log files](https://docs.aws.amazon.com/vpc/latest/tgw/flow-logs-s3.html#flow-logs-s3-path)
	//
	FileFormat FlowLogFileFormat `field:"optional" json:"fileFormat" yaml:"fileFormat"`
	// Controls the format of partitions ("folders") when the flow logs are delivered to S3.
	//
	// By default, flow logs are delivered partitioned such that each part of
	// the S3 path represents a value pertaining to details of the log.
	//
	// When Hive compatible partitions are enabled, partitions will be
	// structured such that keys declaring the partition name are added at
	// each level.
	//
	// An example of standard partitioning:
	// ```
	// /us-east-1/2020/03/08/log.tar.gz
	// ```
	//
	// An example with Hive compatible partitions:
	// ```
	// /region=us-east-1/year=2020/month=03/day=08/log.tar.gz
	// ```
	// See: [AWS Big Data Blog](https://aws.amazon.com/blogs/big-data/optimize-performance-and-reduce-costs-for-network-analytics-with-vpc-flow-logs-in-apache-parquet-format/)
	//
	HiveCompatiblePartitions *bool `field:"optional" json:"hiveCompatiblePartitions" yaml:"hiveCompatiblePartitions"`
	// An optional prefix that will be added to the start of all flow log files delivered to the S3 bucket.
	// See: [FlowLog LogDestination](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-logdestination)
	//
	KeyPrefix *string `field:"optional" json:"keyPrefix" yaml:"keyPrefix"`
	// Indicates whether to partition the flow log per hour.
	//
	// By default, flow logs are partitioned (organized into S3 "folders") by
	// day.
	//
	// Setting this to true will add an extra layer of directories splitting
	// flow log files by the hour in which they were delivered.
	// See: [Flow log files](https://docs.aws.amazon.com/vpc/latest/tgw/flow-logs-s3.html#flow-logs-s3-path)
	//
	PerHourPartition *bool `field:"optional" json:"perHourPartition" yaml:"perHourPartition"`
}

type ILogDestination

type ILogDestination interface {
	Bind(scope constructs.IConstruct) *FlowLogDestinationConfig
}

Represents a resource that can act as a delivery endpoint for captured flow logs.
