cloud watch log group encryption

Ajay-sops · Ajay-sops · commit 009c69340434 · 2023-08-29T13:04:43.000+05:30
diff --git a/examples/complete-vpc-with-vpn/main.tf b/examples/complete-vpc-with-vpn/main.tf
@@ -35,4 +35,5 @@ module "vpc" {
   vpn_server_instance_type                        = "t3a.small"
   flow_log_max_aggregation_interval               = 60
   flow_log_cloudwatch_log_group_retention_in_days = 90
+  flow_log_cloudwatch_log_group_kms_key_arn       = "" #Enter your kms key arn
 }
diff --git a/main.tf b/main.tf
@@ -63,6 +63,7 @@ module "vpc" {
   create_flow_log_cloudwatch_log_group            = local.create_flow_log_cloudwatch_log_group
   flow_log_max_aggregation_interval               = var.flow_log_max_aggregation_interval
   flow_log_cloudwatch_log_group_retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days
+  flow_log_cloudwatch_log_group_kms_key_id        = var.flow_log_cloudwatch_log_group_kms_key_arn
   enable_ipv6                                     = local.enable_ipv6
   #assign_ipv6_address_on_creation = local.assign_ipv6_address_on_creation
   public_subnet_assign_ipv6_address_on_creation   = local.public_subnet_assign_ipv6_address_on_creation
diff --git a/variables.tf b/variables.tf
@@ -191,3 +191,9 @@ variable "intra_subnet_assign_ipv6_address_on_creation" {
   type        = bool
   default     = null
 }
+
+variable "flow_log_cloudwatch_log_group_kms_key_arn" {
+  description = "The ARN of the KMS Key to use when encrypting log data for VPC flow logs"
+  type        = string
+  default     = null
+}

Original file line number	Diff line number	Diff line change
`@@ -35,4 +35,5 @@ module "vpc" {`
`35`	`35`	`vpn_server_instance_type = "t3a.small"`
`36`	`36`	`flow_log_max_aggregation_interval = 60`
`37`	`37`	`flow_log_cloudwatch_log_group_retention_in_days = 90`
	`38`	`+ flow_log_cloudwatch_log_group_kms_key_arn = "" #Enter your kms key arn`
`38`	`39`	`}`