add support for additional flow log sources (#1)

Author: marcincuber

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.1.0
+  rev: v4.4.0
   hooks:
   - id: check-added-large-files
     args: ['--maxkb=500']
@@ -17,8 +17,8 @@ repos:
   - id: detect-aws-credentials
     args: ['--allow-missing-credentials']
   - id: trailing-whitespace
-- repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.62.3
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.76.0
   hooks:
   - id: terraform_fmt
   - id: terraform_docs

README.md

@@ -47,9 +47,9 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [aws_cloudwatch_log_group.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
-| [aws_flow_log.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource |
-| [aws_iam_role.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_cloudwatch_log_group.flow_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
+| [aws_flow_log.flow_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource |
+| [aws_iam_role.flow_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_policy_document.cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 
 ## Inputs
@@ -60,18 +60,21 @@ No modules.
 | <a name="input_max_aggregation_interval"></a> [max\_aggregation\_interval](#input\_max\_aggregation\_interval) | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes) | `string` | `"600"` | no |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | A prefix used for naming resources. | `string` | n/a | yes |
 | <a name="input_retention_in_days"></a> [retention\_in\_days](#input\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. | `string` | `null` | no |
+| <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | Subnet ID to attach to. | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Default tags attached to all resources. | `map(string)` | `{}` | no |
 | <a name="input_traffic_type"></a> [traffic\_type](#input\_traffic\_type) | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL. | `string` | `"ALL"` | no |
-| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID where resources will be created and flow logs enabled. | `string` | n/a | yes |
+| <a name="input_transit_gateway_attachment_id"></a> [transit\_gateway\_attachment\_id](#input\_transit\_gateway\_attachment\_id) | Transit Gateway Attachment ID to attach to. | `string` | `null` | no |
+| <a name="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id) | Transit Gateway ID to attach to. | `string` | `null` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID where resources will be created and flow logs enabled. | `string` | `null` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_vpc_flow_logs_cloudwatch_group_arn"></a> [vpc\_flow\_logs\_cloudwatch\_group\_arn](#output\_vpc\_flow\_logs\_cloudwatch\_group\_arn) | The ARN specifying the log group used by Flow Logs. |
-| <a name="output_vpc_flow_logs_id"></a> [vpc\_flow\_logs\_id](#output\_vpc\_flow\_logs\_id) | The Flow Log ID. |
-| <a name="output_vpc_flow_logs_role_arn"></a> [vpc\_flow\_logs\_role\_arn](#output\_vpc\_flow\_logs\_role\_arn) | The ARN specifying the role used by Flow Logs. |
-| <a name="output_vpc_flow_logs_role_id"></a> [vpc\_flow\_logs\_role\_id](#output\_vpc\_flow\_logs\_role\_id) | The ID specifying the role used by Flow Logs. |
+| <a name="output_flow_logs_cloudwatch_group_arn"></a> [flow\_logs\_cloudwatch\_group\_arn](#output\_flow\_logs\_cloudwatch\_group\_arn) | The ARN specifying the log group used by Flow Logs. |
+| <a name="output_flow_logs_id"></a> [flow\_logs\_id](#output\_flow\_logs\_id) | The Flow Log ID. |
+| <a name="output_flow_logs_role_arn"></a> [flow\_logs\_role\_arn](#output\_flow\_logs\_role\_arn) | The ARN specifying the role used by Flow Logs. |
+| <a name="output_flow_logs_role_id"></a> [flow\_logs\_role\_id](#output\_flow\_logs\_role\_id) | The ID specifying the role used by Flow Logs. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## License

examples/core/main.tf

@@ -1,5 +1,16 @@
 provider "aws" {
-  region = "eu-west-1"
+  region = "eu-west-2"
+}
+
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.41"
+    }
+  }
 }
 
 module "flow-logs" {

main.tf

@@ -1,14 +1,14 @@
-resource "aws_cloudwatch_log_group" "vpc" {
-  name = "${var.name_prefix}-vpc-flow-logs"
+resource "aws_cloudwatch_log_group" "flow_logs" {
+  name = "${var.name_prefix}-flow-logs"
 
   retention_in_days = var.retention_in_days
   kms_key_id        = var.kms_key_id
 
   tags = var.tags
 }
 
-resource "aws_iam_role" "vpc" {
-  name = "${var.name_prefix}-vpc-flow-logs"
+resource "aws_iam_role" "flow_logs" {
+  name = "${var.name_prefix}-flow-logs"
 
   assume_role_policy = jsonencode(
     {
@@ -33,14 +33,18 @@ resource "aws_iam_role" "vpc" {
   tags = var.tags
 }
 
-resource "aws_flow_log" "vpc" {
+resource "aws_flow_log" "flow_logs" {
   log_destination_type = "cloud-watch-logs"
-  log_destination      = aws_cloudwatch_log_group.vpc.arn
+  log_destination      = aws_cloudwatch_log_group.flow_logs.arn
 
-  iam_role_arn = aws_iam_role.vpc.arn
-  vpc_id       = var.vpc_id
+  iam_role_arn = aws_iam_role.flow_logs.arn
   traffic_type = var.traffic_type
 
+  vpc_id                        = var.vpc_id
+  subnet_id                     = var.subnet_id
+  transit_gateway_id            = var.transit_gateway_id
+  transit_gateway_attachment_id = var.transit_gateway_attachment_id
+
   max_aggregation_interval = var.max_aggregation_interval
 
   tags = var.tags

outputs.tf

@@ -1,19 +1,19 @@
-output "vpc_flow_logs_id" {
-  value       = aws_flow_log.vpc.id
+output "flow_logs_id" {
+  value       = aws_flow_log.flow_logs.id
   description = "The Flow Log ID."
 }
 
-output "vpc_flow_logs_role_arn" {
-  value       = aws_iam_role.vpc.arn
+output "flow_logs_role_arn" {
+  value       = aws_iam_role.flow_logs.arn
   description = "The ARN specifying the role used by Flow Logs."
 }
 
-output "vpc_flow_logs_role_id" {
-  value       = aws_iam_role.vpc.id
+output "flow_logs_role_id" {
+  value       = aws_iam_role.flow_logs.id
   description = "The ID specifying the role used by Flow Logs."
 }
 
-output "vpc_flow_logs_cloudwatch_group_arn" {
-  value       = aws_cloudwatch_log_group.vpc.arn
+output "flow_logs_cloudwatch_group_arn" {
+  value       = aws_cloudwatch_log_group.flow_logs.arn
   description = "The ARN specifying the log group used by Flow Logs."
 }

variables.tf

@@ -3,11 +3,6 @@ variable "name_prefix" {
   type        = string
 }
 
-variable "vpc_id" {
-  type        = string
-  description = "VPC ID where resources will be created and flow logs enabled."
-}
-
 variable "tags" {
   type        = map(string)
   description = "Default tags attached to all resources."
@@ -37,3 +32,27 @@ variable "max_aggregation_interval" {
   description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes)"
   default     = "600"
 }
+
+variable "vpc_id" {
+  type        = string
+  description = "VPC ID where resources will be created and flow logs enabled."
+  default     = null
+}
+
+variable "subnet_id" {
+  type        = string
+  description = "Subnet ID to attach to."
+  default     = null
+}
+
+variable "transit_gateway_id" {
+  type        = string
+  description = "Transit Gateway ID to attach to."
+  default     = null
+}
+
+variable "transit_gateway_attachment_id" {
+  type        = string
+  description = "Transit Gateway Attachment ID to attach to."
+  default     = null
+}