Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-ec2/FlowLog): L2 construct FlowLog can't configure kinesis data firehose as LogDestination #27275

Closed
2 tasks
imaig opened this issue Sep 25, 2023 · 5 comments · Fixed by #27604
Closed
2 tasks

(aws-ec2/FlowLog): L2 construct FlowLog can't configure kinesis data firehose as LogDestination #27275

imaig opened this issue Sep 25, 2023 · 5 comments · Fixed by #27604
Labels
@aws-cdk/aws-kinesis Related to Amazon Kinesis effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p1

Comments

@imaig
Copy link

imaig commented Sep 25, 2023
edited
Loading

Describe the feature

Currently there are only 2 supported properties for FlowLogDestination:

  • CloudWatch Logs: toCloudWatchLogs()
  • S3: toS3()

However the CloudFormation template and L1 Construct(CfnFlowLog) allow 1 more option:

  • Kinesis Data Firehose

So we'd like to enable to configure Kinesis Data Firehose as LogDestination in L2 construct FlowLog as same as CloudWatch Logs and S3.

Use Case

Same as CloudFormation

Proposed Solution

Implement the method toKinesisDataFirehose() as same as the CloudWatch Logs and S3 in the FlowLogDestination class.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.97.0

Environment details (OS name and version, etc.)

macOS 13.6
@imaig imaig added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Sep 25, 2023
@github-actions github-actions bot added the @aws-cdk/aws-kinesis Related to Amazon Kinesis label Sep 25, 2023
@peterwoodworth peterwoodworth added p1 effort/medium Medium work item – several days of effort effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. effort/medium Medium work item – several days of effort labels Sep 25, 2023
@peterwoodworth
Copy link
Contributor

Thanks for the request, makes sense!

@ymhiroki
Copy link
Contributor

I want to implement this feature!

@github-actions github-actions bot mentioned this issue Oct 1, 2023
Closed
@msambol
Copy link
Contributor

msambol commented Oct 12, 2023

@ymhiroki Are you already working on this? If not, I'll take it :)

@ymhiroki
Copy link
Contributor

I want to implement this feature!

@ymhiroki Are you already working on this? If not, I'll take it :)

I'm sorry for the delay, but I've just started the implementation.
I publish it as soon as possible.

@ymhiroki ymhiroki mentioned this issue Oct 19, 2023
Merged
@mergify mergify bot closed this as completed in #27604 Nov 6, 2023
mergify bot pushed a commit that referenced this issue Nov 6, 2023
@ymhiroki
feat(ec2): vpc flow logs supports kinesis data firehose (#27604)
e6b59d6 
The CloudFormation template ([AWS::EC2::FlowLog](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html#cfn-ec2-flowlog-logdestination)) and the L1 Construct ([CfnFlowLog](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.CfnFlowLog.html#logdestination)) support Kinesis Data Firehose as a destination for VPC Flow Logs. This PR implements `toKinesisDataFirehose` method to set the Kinesis Data Firehose delivery stream as a destination for VPC Flow Logs.

[aws-kinesisfirehose-alpha module](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-kinesisfirehose-alpha-readme.html) is yet alpha module, so the construct gets an ARN of the delivery stream to specify the destination. The same technique is used in [DataProtectionPolicy](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_logs.DataProtectionPolicy.html).

This PR doesn't support [cross-account access](https://docs.aws.amazon.com/vpc/latest/tgw/flow-logs-kinesis.html) between the VPC and the delivery stream in the `toKinesisDataFirehose` method. The cross-account access is supported later to implement a more simple use case at first.

Closes #27275 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 6, 2023

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-kinesis Related to Amazon Kinesis effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(ec2): vpc flow logs supports kinesis data firehose ymhiroki/aws-cdk
4 participants
@msambol @peterwoodworth @imaig @ymhiroki