feat(ec2): change log format in Vpc flow logs #22430
Conversation
|
|
github-actions
bot
added
the
valued-contributor
github-actions
bot
added
p2
effort/small
watany-dev
force-pushed
the
add-flowlog-logformat
branch
from
4d2aa5e to
0fb256a
Compare
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dissmissing previous PRLinter review.
watany-dev
changed the title
| /** | ||
| * The following table describes all of the available fields for a flow log record. | ||
| */ | ||
| export enum LogFormatField { |
There was a problem hiding this comment.
I don't think you need custom for LogFormatField. "custom" in the document below does not mean that the user can specify any Key. It means that you can specify any Key of "Available fields" with a space-separated string.
docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-logs-fields
The reason we want to have the custom option is to allow the user to specify new fields that we
have not added support for yet. We don't want to block users from using new values as soon as they
are released. If you don't like the custom methed we can do without that and the
user can just do something like:
customLogFormatFields: [
LogFormatField.SRC_PORT,
new LogFormatField('${new-field}'),
]There was a problem hiding this comment.
Fixed. Added Usage to Readme.md.
| /** | ||
| * The VPC Flow Logs version. | ||
| */ |
There was a problem hiding this comment.
| /** | |
| * The VPC Flow Logs version. | |
| */ | |
| /** | |
| * The VPC Flow Logs version. | |
| */ |
nit - can you fix all the formatting of these docstrings so they are consistent.
Co-authored-by: Cory Hall <[email protected]>
mergify
bot
dismissed
corymhall’s stale review
Pull request has been modified.
watany-dev
force-pushed
the
add-flowlog-logformat
branch
3 times, most recently
from
3b819e2 to
a535340
Compare
watany-dev
force-pushed
the
add-flowlog-logformat
branch
from
a535340 to
8d24152
Compare
| /** | ||
| * The default format. | ||
| */ | ||
| public static readonly ALL_DEFAULT_FIELDS = new LogFormatField('${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} ${vpc-id} ${subnet-id} ${instance-id} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr} ${region} ${az-id} ${sublocation-type} ${sublocation-id} ${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path}'); |
There was a problem hiding this comment.
Edge case question here. Since this will be a manual update in the future, what happens if a customer uses this and then also adds a custom one because it's not in here yet, and then we update this to include it (so now it's a duplicate). Will that cause an error? Will it de-duplicate it? Or will it just have the field twice?
There was a problem hiding this comment.
In this implementation, the expanded string of each parameter is defined as a space-separated string. Thus there will be two fields.
There was a problem hiding this comment.
According to https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records, the default fields are all those with version '2' in that table, i.e.:
- version
- account-id
- interface-id
- srcaddr
- dstaddr
- srcport
- dstport
- protocol
- packets
- bytes
- start
- end
- action
- log-status
(Hence, not the rest)
watany-dev
requested review from
TheRealAmazonKendra
and removed request for
corymhall
| /** | ||
| * The default format. | ||
| */ | ||
| public static readonly ALL_DEFAULT_FIELDS = new LogFormatField('${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} ${vpc-id} ${subnet-id} ${instance-id} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr} ${region} ${az-id} ${sublocation-type} ${sublocation-id} ${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path}'); |
There was a problem hiding this comment.
According to https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records, the default fields are all those with version '2' in that table, i.e.:
- version
- account-id
- interface-id
- srcaddr
- dstaddr
- srcport
- dstport
- protocol
- packets
- bytes
- start
- end
- action
- log-status
(Hence, not the rest)
| return new LogFormatField(`\${${field}}`); | ||
| } | ||
|
|
||
| constructor(public readonly value: string) {} |
There was a problem hiding this comment.
Make this constructor at least protected.
There was a problem hiding this comment.
I am actually using public value to pass strings like this to CfnFlowlog. Is there a good way to improve this?
customLogFormat = props.logFormat.map(elm => {
return elm.value;
}).join(' ');There was a problem hiding this comment.
That is fine. The constructor itself should be protected is what I mean.
| constructor(public readonly value: string) {} | |
| protected constructor(public readonly value: string) {} |
There was a problem hiding this comment.
My mistake, my bad.
| /** | ||
| * The custom format. For users to specify unsupported fields. | ||
| */ | ||
| public static custom(field: string): LogFormatField { |
There was a problem hiding this comment.
A factory called custom() probably shouldn't add any unrequested decoration. Probably call this factory field(), and add one called custom() that just uses the user string verbatim.
There was a problem hiding this comment.
It is certainly more natural that way. Corrected.
| @@ -1321,6 +1321,36 @@ vpc.addFlowLog('FlowLogCloudWatch', { | |||
| }); | |||
| ``` | |||
|
|
|||
| You can also custom format flow logs. | |||
There was a problem hiding this comment.
Please add a section heading as well.
Co-authored-by: Rico Huijbers <[email protected]>
Co-authored-by: Rico Huijbers <[email protected]>
Co-authored-by: Rico Huijbers <[email protected]>
rix0rrr
changed the title
mergify
bot
dismissed
rix0rrr’s stale review
Pull request has been modified.
rix0rrr
changed the title
mergify
bot
dismissed
rix0rrr’s stale review
Pull request has been modified.
wat |
watany-dev
force-pushed
the
add-flowlog-logformat
branch
from
84d4f9c to
c0ca1ea
Compare
|
tested |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
refer to #16279 and #16279 (comment). The difference is below
LogFormatField. "custom" in the document below does not mean that the user can specify any Key. It means that you can specify any Key of "Available fields" with a space-separated string.https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-logs-fields
fixes #19316
All Submissions:
Adding new Unconventional Dependencies:
New Features
yarn integto deploy the infrastructure and generate the snapshot (i.e.yarn integwithout--dry-run)?By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license