diff --git a/modules/networking/vpc-subnet-manual/vpc-flowlog.tf b/modules/networking/vpc-subnet-manual/vpc-flowlog.tf
index 630c0e9..fe46210 100644
--- a/modules/networking/vpc-subnet-manual/vpc-flowlog.tf
+++ b/modules/networking/vpc-subnet-manual/vpc-flowlog.tf
@@ -1,9 +1,9 @@
 resource "aws_flow_log" "vpc-flowlog" {
- count = var.enable-flow-log ? 1 : 0
- iam_role_arn = aws_iam_role.vpcflowlog-role.arn
- log_destination = aws_cloudwatch_log_group.vpcflowlog-loggroup[0].arn
- traffic_type = "ALL"
- vpc_id = aws_vpc.vpc.id
+ count = var.enable-flow-log ? 1 : 0
+ iam_role_arn = aws_iam_role.vpcflowlog-role.arn
+ log_destination = aws_cloudwatch_log_group.vpcflowlog-loggroup[0].arn
+ traffic_type = "ALL"
+ vpc_id = aws_vpc.vpc.id
 tags = {
 Name = "${var.resource-prefix}-vpcflowlog"
 }
@@ -13,14 +13,18 @@ resource "aws_cloudwatch_log_group" "vpcflowlog-loggroup" {
 count = var.enable-flow-log ? 1 : 0
 name_prefix = "vpcflowlog/${aws_vpc.vpc.id}/"
- kms_key_id = var.vpcflowlog-cwl-loggroup-key-arn
+ kms_key_id = var.vpcflowlog-cwl-loggroup-key-arn
 retention_in_days = var.vpcflowlog-retain-days
 }
+resource "random_id" "rid" {
+ byte_length = 2
+}
+
 resource "aws_iam_role" "vpcflowlog-role" {
- name = "${var.resource-prefix}-vpcflowlog"
- path = "/service/"
+ name = "VpcFlowlogRole-${random_id.rid.dec}"
+ path = "/service/"
 assume_role_policy = <