Policy: AWS > VPC > VPC > Flow Logging > S3 > Bucket

The name of an S3 Bucket to which the VPC flow logs will be delivered. The S3 Bucket must already exist and the log delivery service (delivery.logs.amazonaws.com) must be granted the appropriate access. The bucket can reside in any account but must be in the same region as the VPC.

Resource Types

This policy targets the following resource types:

AWS > VPC > VPC

Primary Policy

This policy is used with the following primary policy:

AWS > VPC > VPC > Flow Logging > S3

Controls

AWS > VPC > VPC > Flow Logging

Policy Packs

This policy setting is used by the following policy packs:

Enforce Flow Logging to S3 Buckets Is Enabled for AWS VPCs

Policy Specification

Schema Type	`string`
Default template	`{{ $.bucketName }}`
Default template input	`- \| { region { turbot { id } } } - \| { bucketName: policy(uri: "aws#/policy/types/loggingBucketDefault", resourceId: "{{ $.region.turbot.id }}") }`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/turbot

Policy Type URI

tmod:@turbot/aws-vpc-core#/policy/types/vpcFlowLoggingS3Bucket

GraphQL

query policyType(id: "tmod:@turbot/aws-vpc-core#/policy/types/vpcFlowLoggingS3Bucket") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-vpc-core#/policy/types/vpcFlowLoggingS3Bucket'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-vpc-core#/policy/types/vpcFlowLoggingS3Bucket'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-vpc-core#/policy/types/vpcFlowLoggingS3Bucket"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-vpc-core#/policy/types/vpcFlowLoggingS3Bucket"