resource "aws_flow_log" "vpc-flowlog" { provider = aws.NetworkDeployer count = var.enable-flow-log ? 1 : 0 iam_role_arn = aws_iam_role.vpcflowlog-role.arn log_destination = aws_cloudwatch_log_group.vpcflowlog-loggroup[0].arn traffic_type = "ALL" vpc_id = aws_vpc.vpc.id tags = { Name = "${var.resource-prefix}-vpcflowlog" } } resource "aws_cloudwatch_log_group" "vpcflowlog-loggroup" { provider = aws.CommonDeployer count = var.enable-flow-log ? 1 : 0 name_prefix = "vpcflowlog/${aws_vpc.vpc.id}/" kms_key_id = var.vpcflowlog-cwl-loggroup-key-arn retention_in_days = var.vpcflowlog-retain-days } resource "random_id" "rid" { byte_length = 2 } resource "aws_iam_role" "vpcflowlog-role" { provider = aws.SecurityDeployer name = "VpcFlowlogRole-${random_id.rid.dec}" path = "/service/" assume_role_policy = <