fix: Add variable to disable aws_vpc_flow (#153)
Signed-off-by: Lei Jin <[email protected]>
leijin-lw authored Dec 16, 2024
1 parent 785151f commit 9162e16
Showing 3 changed files with 8 additions and 1 deletion.
1 change: 1 addition & 0 deletions README.md
@@ -124,6 +124,7 @@ No modules.
| <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | The ID of the subnet to use for scanning compute resources. Must also set `use_existing_subnet` to `true`. | `string` | `""` | no |
| <a name="input_suffix"></a> [suffix](#input\_suffix) | A string to be appended to the end of the name of all new resources. | `string` | `""` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A map/dictionary of Tags to be assigned to created resources | `map(string)` | `{}` | no |
| <a name="input_use_aws_flow_log"></a> [use\_aws\_flow\_log](#input\_use\_aws\_flow\_log) | Whether or not you want to create AWS flow logs for the VPC. | `bool` | `true` | no |
| <a name="input_use_existing_cross_account_role"></a> [use\_existing\_cross\_account\_role](#input\_use\_existing\_cross\_account\_role) | Set this to true to use an existing IAM cross account role | `bool` | `false` | no |
| <a name="input_use_existing_event_role"></a> [use\_existing\_event\_role](#input\_use\_existing\_event\_role) | Set this to true to use an existing IAM event role | `bool` | `false` | no |
| <a name="input_use_existing_execution_role"></a> [use\_existing\_execution\_role](#input\_use\_existing\_execution\_role) | Set this to true to use an existing IAM execution role | `bool` | `false` | no |
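Review bot: the new `use_aws_flow_log` row says what the flag does but not when it takes effect; the `count` on `aws_flow_log.agentless_scan_vpc_flow_log` in main.tf also requires `var.regional` to be true and `var.use_existing_vpc` to be false, so a user who leaves this at `true` with an existing VPC will expect a flow log that is never created. Suggest expanding the description to something like "Whether or not to create an AWS VPC flow log (REJECT traffic only) for the VPC this module creates. Has no effect when `use_existing_vpc` is `true`." It is also worth saying in the README that setting this to `false` stops collection of rejected traffic from the scanning VPC, so it should only be disabled when flow logs for that VPC are configured elsewhere.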
2 changes: 1 addition & 1 deletion main.tf
@@ -906,7 +906,7 @@ resource "aws_vpc" "agentless_scan_vpc" {
}

resource "aws_flow_log" "agentless_scan_vpc_flow_log" {
count = var.regional && !var.use_existing_vpc ? 1 : 0
count = var.regional && var.use_aws_flow_log && !var.use_existing_vpc ? 1 : 0
vpc_id = local.vpc_id
traffic_type = "REJECT"

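Review bot: the added condition in the `count` expression is correct, but this hunk only gates the `aws_flow_log` resource itself; if the module also creates a CloudWatch log group or an IAM role to serve this flow log (the usual pairing for `aws_flow_log`), those need the same `var.use_aws_flow_log` condition, otherwise setting the flag to `false` leaves an unused log group and role behind, and any `[0]` index into `aws_flow_log.agentless_scan_vpc_flow_log` elsewhere in main.tf will fail at plan time. With three conditions now combined in one `count`, a named local such as `create_flow_log = var.regional && var.use_aws_flow_log && !var.use_existing_vpc` would read better and can be shared by those companion resources. Note too that flipping the flag to `false` on an existing deployment destroys the flow log and stops collection of REJECT traffic for the scanning VPC; that is the intended effect, but it should be stated in the variable description.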
6 changes: 6 additions & 0 deletions variables.tf
@@ -360,3 +360,9 @@ variable "use_internet_gateway" {
default = true
description = "Whether or not you want to use an 'AWS internet gateway' for internet facing traffic. Only set this to false if you route internet traffic using a different approach."
}

variable "use_aws_flow_log" {
type = bool
default = true
description = "Whether or not you want to create AWS flow logs for the VPC."
}
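Review bot: the description should state the conditions under which the flag actually applies, since the flow log is also gated on `var.regional` and `!var.use_existing_vpc`; as written, `use_aws_flow_log = true` with an existing VPC silently creates nothing. Suggest: `description = "Whether or not to create an AWS flow log (REJECT traffic) for the VPC created by this module. Ignored when use_existing_vpc is true. Set to false only if flow logs are managed elsewhere."` The `default = true` is the right choice for a new opt-out flag, as it keeps the current behaviour for existing deployments. Placement after `use_internet_gateway` keeps the `use_*` variables together in this file; the README lists it in alphabetical order, which is what terraform-docs produces.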
