Enable VPC flow logs (missed in initial review)
This commit is contained in:
parent
850a4b5b7e
commit
32a8271fcd
1 changed files with 8 additions and 0 deletions
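--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -16,3 +16,11 @@ resource "aws_vpc" "main" {
 enable_dns_support = true
 tags = { Name = "nexus-${var.environment}", Environment = var.environment }
 }
+
+# Flow logs — added after security review flagged their absence
+resource "aws_flow_log" "main" {
+vpc_id = aws_vpc.main.id
+traffic_type = "ALL"
+iam_role_arn = aws_iam_role.flow_log.arn
+log_destination = aws_cloudwatch_log_group.flow_log.arn
+}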
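Review bot: The new `aws_flow_log` resource references `aws_iam_role.flow_log` and `aws_cloudwatch_log_group.flow_log`, but this commit touches one file with 8 additions and no deletions, so neither resource is defined here; unless both already exist elsewhere in the module, `terraform plan` will fail on the unresolved references, so confirm they are in place before merging. Since the whole point of the change is to produce detection evidence, it is also worth checking in the same pass that the referenced log group sets an explicit `retention_in_days` and `kms_key_id`, and consider adding `max_aggregation_interval = 60` to the flow log so records reach the log group sooner than the 600-second default. The enclosing `aws_vpc.main` block starts above the hunk; the `aws_flow_log` block is shown in full.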