# VPC Flow Logs for the VPC, delivered to a CloudWatch Logs log group.
# The flow log and the log group are both gated by var.enable-flow-log through
# count, so they are created and destroyed together; the IAM role below has no
# count and therefore exists regardless of the switch.
resource "aws_flow_log" "vpc-flowlog" {
  count = var.enable-flow-log ? 1 : 0

  # Role the Flow Logs service assumes in order to write into the log group.
  iam_role_arn = aws_iam_role.vpcflowlog-role.arn
  # Index [0] is safe here because the log group uses the same count expression.
  log_destination = aws_cloudwatch_log_group.vpcflowlog-loggroup[0].arn
  # "ALL" records both accepted and rejected flows; rejected-only logging would
  # hide successful east-west traffic from detection queries.
  traffic_type = "ALL"
  vpc_id       = aws_vpc.vpc.id
  # NOTE(review): no max_aggregation_interval is set, so the provider default
  # applies — confirm it meets the detection-latency requirement for this VPC.
  tags = merge(
    var.default-tags,
    { Name = "${local.resource-prefix}-vpcflowlog" },
  )
}

# Destination log group for the flow log above (same count gate).
resource "aws_cloudwatch_log_group" "vpcflowlog-loggroup" {
  count = var.enable-flow-log ? 1 : 0

  # name_prefix (rather than name) avoids collisions when the group is recreated.
  name_prefix = "vpcflowlog/${aws_vpc.vpc.id}/"
  # Customer-managed KMS key for the log data. The key's policy has to allow the
  # CloudWatch Logs service to use it, otherwise log group creation fails; that
  # policy is not visible in this file.
  kms_key_id = var.vpcflowlog-cwl-loggroup-key-arn
  # Retention is caller-controlled; pick a value that covers the incident
  # investigation window, since flow logs are often the only record of a flow.
  retention_in_days = var.vpcflowlog-retain-days
  tags              = var.default-tags
}

# Role assumed by the Flow Logs service to publish into CloudWatch Logs.
# The trust policy is a heredoc that continues past this excerpt; presumably it
# trusts the VPC Flow Logs service principal only — verify that the principal
# is scoped that tightly and that the permission policy (not shown here) is
# limited to the log group above.
resource "aws_iam_role" "vpcflowlog-role" {
  name = "${local.resource-prefix}-vpcflowlog"
  path = "/service/"
  assume_role_policy = <