# Create VPC flow logs

This example builds a VPC with public and private subnets in 3 availability zones, creates a NAT gateway in each AZ, and routes traffic from each private subnet to the NAT gateway. It creates an internet gateway and routes subnet traffic for "0.0.0.0/0" to the IGW. It creates encrypted VPC Flow Logs that are sent to CloudWatch and retained for 180 days.

At this point, only CloudWatch logs are supported, pending: https://github.com/aws-ia/terraform-aws-vpc/issues/35

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [aws](#requirement\_aws) | >= 3.73.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 3.73.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [vpc](#module\_vpc) | aws-ia/vpc/aws | >= 4.2.0 |

## Resources

| Name | Type |
|------|------|
| [aws_availability_zones.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [kms\_key\_id](#input\_kms\_key\_id) | KMS Key ID | `string` | `null` | no |
| [vpc\_flow\_logs](#input\_vpc\_flow\_logs) | Whether or not to create VPC flow logs and which type. Options: "cloudwatch", "s3", "none". | <pre>object({<br>    log_destination      = optional(string)<br>    iam_role_arn         = optional(string)<br>    kms_key_id           = optional(string)<br>    log_destination_type = string<br>    retention_in_days    = optional(number)<br>    tags                 = optional(map(string))<br>    traffic_type         = optional(string)<br>    destination_options = optional(object({<br>      file_format                = optional(string)<br>      hive_compatible_partitions = optional(bool)<br>      per_hour_partition         = optional(bool)<br>    }))<br>  })</pre> | <pre>{<br>  "kms_key_id": null,<br>  "log_destination_type": "cloud-watch-logs",<br>  "retention_in_days": 180<br>}</pre> | no |

## Outputs

| Name | Description |
|------|-------------|
| [private\_subnets](#output\_private\_subnets) | Map of private subnet attributes grouped by az. |
| [private\_subnets\_tags\_length](#output\_private\_subnets\_tags\_length) | Count of private subnet tags for a single az. |
| [public\_subnets](#output\_public\_subnets) | Map of public subnet attributes grouped by az. |
| [public\_subnets\_tags\_length](#output\_public\_subnets\_tags\_length) | Count of public subnet tags for a single az. |
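
The description states that the flow logs are encrypted, sent to CloudWatch and retained for 180 days. The following added example (not part of this project's code) checks those three properties against `terraform show -json` plan output before apply. The sample plan, its resource addresses and the function names are constructed for illustration, and the sample log group mirrors the `kms_key_id: null` default shown in the Inputs table.

```python
import json

# Constructed sample, shaped like `terraform show -json <planfile>` output.
# Resource addresses are placeholders, not the module's real resource names.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"child_modules": [{
  "address": "module.vpc",
  "resources": [
    {"address": "module.vpc.aws_flow_log.example", "type": "aws_flow_log",
     "values": {"log_destination_type": "cloud-watch-logs", "traffic_type": "ALL"}},
    {"address": "module.vpc.aws_cloudwatch_log_group.example",
     "type": "aws_cloudwatch_log_group",
     "values": {"retention_in_days": 180, "kms_key_id": null}}
  ]}]}}}
""")


def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def check_flow_logs(plan, min_retention=180):
    """Return a list of findings; an empty list means the plan matches the README."""
    resources = list(walk(plan["planned_values"]["root_module"]))
    findings = []
    flow_logs = [r for r in resources if r["type"] == "aws_flow_log"]
    if not flow_logs:
        findings.append("no aws_flow_log resource planned")
    for r in flow_logs:
        if r["values"].get("log_destination_type") != "cloud-watch-logs":
            findings.append(f"{r['address']}: destination is not cloud-watch-logs")
    for r in (r for r in resources if r["type"] == "aws_cloudwatch_log_group"):
        days = r["values"].get("retention_in_days")
        if days and days < min_retention:  # 0 means "never expire" in the AWS provider
            findings.append(f"{r['address']}: retention {days} < {min_retention} days")
        if not r["values"].get("kms_key_id"):
            # Values computed at apply time are also absent from planned_values.
            findings.append(f"{r['address']}: kms_key_id unset or unknown until apply")
    return findings


if __name__ == "__main__":
    for finding in check_flow_logs(SAMPLE_PLAN):
        print(finding)
```

A `kms_key_id` finding on a plan that creates the key in the same run needs a follow-up check after apply, because the ARN is not known at plan time.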