{ "description": "FlowLog is the Schema for the FlowLogs API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "FlowLogSpec defines the desired state of FlowLog.\n\nDescribes a flow log.", "properties": { "deliverLogsPermissionARN": { "description": "The ARN of the IAM role that allows Amazon EC2 to publish flow logs to the\nlog destination.\n\nThis parameter is required if the destination type is cloud-watch-logs, or\nif the destination type is kinesis-data-firehose and the delivery stream\nand the resources to monitor are in different accounts.", "type": "string" }, "destinationOptions": { "description": "The destination options.", "properties": { "fileFormat": { "type": "string" }, "hiveCompatiblePartitions": { "type": "boolean" }, "perHourPartition": { "type": "boolean" } }, "type": "object", "additionalProperties": false }, "logDestination": { "description": "The destination for the flow log data. The meaning of this parameter depends\non the destination type.\n\n - If the destination type is cloud-watch-logs, specify the ARN of a CloudWatch\n Logs log group. For example: arn:aws:logs:region:account_id:log-group:my_group\n Alternatively, use the LogGroupName parameter.\n\n - If the destination type is s3, specify the ARN of an S3 bucket. For\n example: arn:aws:s3:::my_bucket/my_subfolder/ The subfolder is optional.\n Note that you can't use AWSLogs as a subfolder name.\n\n - If the destination type is kinesis-data-firehose, specify the ARN of\n a Kinesis Data Firehose delivery stream. For example: arn:aws:firehose:region:account_id:deliverystream:my_stream", "type": "string" }, "logDestinationType": { "description": "The type of destination for the flow log data.\n\nDefault: cloud-watch-logs", "type": "string" }, "logFormat": { "description": "The fields to include in the flow log record. List the fields in the order\nin which they should appear. If you omit this parameter, the flow log is\ncreated using the default format. If you specify this parameter, you must\ninclude at least one field. For more information about the available fields,\nsee Flow log records (https://docs.aws.amazon.com/vpc/latest/userguide/flow-log-records.html)\nin the Amazon VPC User Guide or Transit Gateway Flow Log records (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-flow-logs.html#flow-log-records)\nin the Amazon Web Services Transit Gateway Guide.\n\nSpecify the fields using the ${field-id} format, separated by spaces.", "type": "string" }, "logGroupName": { "description": "The name of a new or existing CloudWatch Logs log group where Amazon EC2\npublishes your flow logs.\n\nThis parameter is valid only if the destination type is cloud-watch-logs.", "type": "string" }, "maxAggregationInterval": { "description": "The maximum interval of time during which a flow of packets is captured and\naggregated into a flow log record. The possible values are 60 seconds (1\nminute) or 600 seconds (10 minutes). This parameter must be 60 seconds for\ntransit gateway resource types.\n\nWhen a network interface is attached to a Nitro-based instance (https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html),\nthe aggregation interval is always 60 seconds or less, regardless of the\nvalue that you specify.\n\nDefault: 600", "format": "int64", "type": "integer" }, "resourceID": { "type": "string" }, "resourceType": { "description": "The type of resource to monitor.", "type": "string" }, "tags": { "description": "The tags. The value parameter is required, but if you don't want the tag\nto have a value, specify the parameter with no value, and we set the value\nto an empty string.", "items": { "description": "Describes a tag.", "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "trafficType": { "description": "The type of traffic to monitor (accepted traffic, rejected traffic, or all\ntraffic). This parameter is not supported for transit gateway resource types.\nIt is required for the other resource types.", "type": "string" } }, "required": [ "resourceID", "resourceType" ], "type": "object", "additionalProperties": false }, "status": { "description": "FlowLogStatus defines the observed state of FlowLog", "properties": { "ackResourceMetadata": { "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", "properties": { "arn": { "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", "type": "string" }, "ownerAccountID": { "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", "type": "string" }, "region": { "description": "Region is the AWS region in which the resource exists or will exist.", "type": "string" } }, "required": [ "ownerAccountID", "region" ], "type": "object", "additionalProperties": false }, "clientToken": { "description": "Unique, case-sensitive identifier that you provide to ensure the idempotency\nof the request.", "type": "string" }, "conditions": { "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", "items": { "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", "format": "date-time", "type": "string" }, "message": { "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { "description": "The reason for the condition's last transition.", "type": "string" }, "status": { "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { "description": "Type is the type of the Condition", "type": "string" } }, "required": [ "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "flowLogID": { "type": "string" }, "unsuccessful": { "description": "Information about the flow logs that could not be created successfully.", "items": { "description": "Information about items that were not successfully processed in a batch call.", "properties": { "error": { "description": "Information about the error that occurred. For more information about errors,\nsee Error codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html).", "properties": { "code": { "type": "string" }, "message": { "type": "string" } }, "type": "object", "additionalProperties": false }, "resourceID": { "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "type": "object" }