---
layout: "aws"
page_title: "AWS: aws_flow_log"
sidebar_current: "docs-aws-resource-flow-log"
description: |-
  Provides a VPC/Subnet/ENI Flow Log
---

# aws\_flow\_log

Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a specific network
interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group.

```
resource "aws_flow_log" "test_flow_log" {
  # log_group_name needs to exist beforehand
  # until we have a CloudWatch Log Group Resource
  log_group_name = "tf-test-log-group"
  iam_role_arn = "${aws_iam_role.test_role.arn}"
  vpc_id = "${aws_vpc.default.id}"
  traffic_type = "ALL"
}

resource "aws_iam_role" "test_role" {
  name = "test_role"
  assume_role_policy = <