diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/FlowLogsTestStack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/FlowLogsTestStack.assets.json index 713fa5d78b514..552ada3c3bbb0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/FlowLogsTestStack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/FlowLogsTestStack.assets.json @@ -14,7 +14,7 @@ } } }, - "3ce753b86cc495963a83fb705939d943d5e9f72479908cacc601c1a4a283d2a8": { + "7439e0fd5d17e28a806ee5874e108956489689e5455459642618e32f2c377b91": { "source": { "path": "FlowLogsTestStack.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3ce753b86cc495963a83fb705939d943d5e9f72479908cacc601c1a4a283d2a8.json", + "objectKey": "7439e0fd5d17e28a806ee5874e108956489689e5455459642618e32f2c377b91.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/FlowLogsTestStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/FlowLogsTestStack.template.json index 032a64de67c3e..0c49ab17843cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/FlowLogsTestStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/FlowLogsTestStack.template.json 
@@ -531,6 +531,9 @@ "TrafficType": "ALL" } }, + "ECSCluster7D463CD4": { + "Type": "AWS::ECS::Cluster" + }, "FlowLogsAllFormatCWIAMRoleAF92546B": { "Type": "AWS::IAM::Role", "Properties": { @@ -618,7 +621,7 @@ ] }, "LogDestinationType": "cloud-watch-logs", - "LogFormat": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} ${vpc-id} ${subnet-id} ${instance-id} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr} ${region} ${az-id} ${sublocation-type} ${sublocation-id} ${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path}", + "LogFormat": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} ${vpc-id} ${subnet-id} ${instance-id} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr} ${region} ${az-id} ${sublocation-type} ${sublocation-id} ${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path} ${ecs-cluster-arn} ${ecs-cluster-name} ${ecs-container-instance-arn} ${ecs-container-instance-id} ${ecs-container-id} ${ecs-second-container-id} ${ecs-service-name} ${ecs-task-definition-arn} ${ecs-task-arn} ${ecs-task-id}", "LogGroupName": { "Ref": "FlowLogsAllFormatCWLogGroup3DAB6837" }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/manifest.json index 557636b9a04ad..4e20baab8294d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3ce753b86cc495963a83fb705939d943d5e9f72479908cacc601c1a4a283d2a8.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7439e0fd5d17e28a806ee5874e108956489689e5455459642618e32f2c377b91.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -202,6 +202,12 @@ "data": "FlowLogsCWFlowLog9CED86DA" } ], + "/FlowLogsTestStack/ECSCluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ECSCluster7D463CD4" + } + ], "/FlowLogsTestStack/FlowLogsAllFormatCW/IAMRole/Resource": [ { "type": "aws:cdk:logicalId", @@ -223,7 +229,10 @@ "/FlowLogsTestStack/FlowLogsAllFormatCW/FlowLog": [ { "type": "aws:cdk:logicalId", - "data": "FlowLogsAllFormatCWFlowLogB1D6C85A" + "data": "FlowLogsAllFormatCWFlowLogB1D6C85A", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/FlowLogsTestStack/Bucket/Resource": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/tree.json index 62e5c5e089146..a99b04af8cdc5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/tree.json 
@@ -883,6 +883,28 @@ "version": "0.0.0" } }, + "ECSCluster": { + "id": "ECSCluster", + "path": "FlowLogsTestStack/ECSCluster", + "children": { + "Resource": { + "id": "Resource", + "path": "FlowLogsTestStack/ECSCluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Cluster", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnCluster", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Cluster", + "version": "0.0.0" + } + }, "FlowLogsAllFormatCW": { "id": "FlowLogsAllFormatCW", "path": "FlowLogsTestStack/FlowLogsAllFormatCW", @@ -1037,7 +1059,7 @@ ] }, "logDestinationType": "cloud-watch-logs", - "logFormat": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} ${vpc-id} ${subnet-id} ${instance-id} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr} ${region} ${az-id} ${sublocation-type} ${sublocation-id} ${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path}", + "logFormat": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} ${vpc-id} ${subnet-id} ${instance-id} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr} ${region} ${az-id} ${sublocation-type} ${sublocation-id} ${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path} ${ecs-cluster-arn} ${ecs-cluster-name} ${ecs-container-instance-arn} ${ecs-container-instance-id} ${ecs-container-id} ${ecs-second-container-id} ${ecs-service-name} ${ecs-task-definition-arn} ${ecs-task-arn} ${ecs-task-id}", "logGroupName": { "Ref": "FlowLogsAllFormatCWLogGroup3DAB6837" }, 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts index 0e856160bffeb..cc6cd4608cc8f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.ts @@ -1,4 +1,5 @@ import { Bucket } from 'aws-cdk-lib/aws-s3'; +import { Cluster } from 'aws-cdk-lib/aws-ecs'; import { App, Stack, StackProps, RemovalPolicy } from 'aws-cdk-lib'; import { IntegTest } from '@aws-cdk/integ-tests-alpha'; import { FlowLog, FlowLogDestination, FlowLogResourceType, Vpc, LogFormat } from 'aws-cdk-lib/aws-ec2'; @@ -19,6 +20,9 @@ class TestStack extends Stack { LogFormat.SRC_PORT, ], }); + + new Cluster(this, 'ECSCluster', { vpc }); + new FlowLog(this, 'FlowLogsAllFormatCW', { resourceType: FlowLogResourceType.fromVpc(vpc), logFormat: [ @@ -51,6 +55,16 @@ class TestStack extends Stack { LogFormat.PKT_DST_AWS_SERVICE, LogFormat.FLOW_DIRECTION, LogFormat.TRAFFIC_PATH, + LogFormat.ECS_CLUSTER_ARN, + LogFormat.ECS_CLUSTER_NAME, + LogFormat.ECS_CONTAINER_INSTANCE_ARN, + LogFormat.ECS_CONTAINER_INSTANCE_ID, + LogFormat.ECS_CONTAINER_ID, + LogFormat.ECS_SECOND_CONTAINER_ID, + LogFormat.ECS_SERVICE_NAME, + LogFormat.ECS_TASK_DEFINITION_ARN, + LogFormat.ECS_TASK_ARN, + LogFormat.ECS_TASK_ID, ], }); diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts index 94a7e5f370fda..351b9832c7dd9 100644 --- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts +++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-flow-logs.ts 
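Review bot: The `new Cluster(this, 'ECSCluster', { vpc });` added in the second hunk is not referenced by either FlowLog, and nothing in the visible hunks starts an ECS task, so the ten ECS fields appended in the third hunk will never carry values in this integ test; the snapshot only shows that CloudFormation accepts the longer format string. If the cluster is deliberately there so the ECS-related fields have a resource in the VPC, a short comment should say so, e.g. `// ECS cluster only so the ECS flow-log fields have a resource to refer to; no task runs, so they stay empty in the captured logs`; otherwise it is an extra resource and snapshot churn that could be dropped. Note also that changing `logFormat` on the existing `FlowLogsAllFormatCW` flow log replaces that resource — the updated manifest in this commit records the `!!DESTRUCTIVE_CHANGES: WILL_REPLACE` trace for it — so re-running the test against an already deployed stack recreates the flow log. The `TestStack` class begins before the first hunk.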
@@ -646,6 +646,58 @@ export class LogFormat { */ public static readonly TRAFFIC_PATH = LogFormat.field('traffic-path'); + /** + * AWS Resource Name (ARN) of the ECS cluster if the traffic is from a running ECS task. + */ + public static readonly ECS_CLUSTER_ARN = LogFormat.field('ecs-cluster-arn'); + + /** + * Name of the ECS cluster if the traffic is from a running ECS task. + */ + public static readonly ECS_CLUSTER_NAME = LogFormat.field('ecs-cluster-name'); + + /** + * ARN of the ECS container instance if the traffic is from a running ECS task on an EC2 instance. + */ + public static readonly ECS_CONTAINER_INSTANCE_ARN = LogFormat.field('ecs-container-instance-arn'); + + /** + * ID of the ECS container instance if the traffic is from a running ECS task on an EC2 instance. + */ + public static readonly ECS_CONTAINER_INSTANCE_ID = LogFormat.field('ecs-container-instance-id'); + + /** + * Docker runtime ID of the container if the traffic is from a running ECS task. + * If there is one container or more in the ECS task, this will be the docker runtime ID of the first container. + */ + public static readonly ECS_CONTAINER_ID = LogFormat.field('ecs-container-id'); + + /** + * Docker runtime ID of the container if the traffic is from a running ECS task. + * If there is more than one container in the ECS task, this will be the Docker runtime ID of the second container. + */ + public static readonly ECS_SECOND_CONTAINER_ID = LogFormat.field('ecs-second-container-id'); + + /** + * Name of the ECS service if the traffic is from a running ECS task and the ECS task is started by an ECS service. + */ + public static readonly ECS_SERVICE_NAME = LogFormat.field('ecs-service-name'); + + /** + * ARN of the ECS task definition if the traffic is from a running ECS task. + */ + public static readonly ECS_TASK_DEFINITION_ARN = LogFormat.field('ecs-task-definition-arn'); + + /** + * ARN of the ECS task if the traffic is from a running ECS task. 
+ */ + public static readonly ECS_TASK_ARN = LogFormat.field('ecs-task-arn'); + + /** + * ID of the ECS task if the traffic is from a running ECS task. + */ + public static readonly ECS_TASK_ID = LogFormat.field('ecs-task-id'); + /** * The default format. */ diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts index 42ed33b58c8bf..287baa496ea95 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-flow-logs.test.ts @@ -712,6 +712,16 @@ test('log format for built-in types is correct', () => { LogFormat.PKT_DST_AWS_SERVICE, LogFormat.FLOW_DIRECTION, LogFormat.TRAFFIC_PATH, + LogFormat.ECS_CLUSTER_ARN, + LogFormat.ECS_CLUSTER_NAME, + LogFormat.ECS_CONTAINER_INSTANCE_ARN, + LogFormat.ECS_CONTAINER_INSTANCE_ID, + LogFormat.ECS_CONTAINER_ID, + LogFormat.ECS_SECOND_CONTAINER_ID, + LogFormat.ECS_SERVICE_NAME, + LogFormat.ECS_TASK_DEFINITION_ARN, + LogFormat.ECS_TASK_ARN, + LogFormat.ECS_TASK_ID, ], }); @@ -722,7 +732,10 @@ test('log format for built-in types is correct', () => { + '${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} ' + '${vpc-id} ${subnet-id} ${instance-id} ${tcp-flags} ${type} ${pkt-srcaddr} ' + '${pkt-dstaddr} ${region} ${az-id} ${sublocation-type} ${sublocation-id} ' - + '${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path}'), + + '${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path} ' + + '${ecs-cluster-arn} ${ecs-cluster-name} ${ecs-container-instance-arn} ${ecs-container-instance-id} ' + + '${ecs-container-id} ${ecs-second-container-id} ${ecs-service-name} ${ecs-task-definition-arn} ' + + '${ecs-task-arn} ${ecs-task-id}'), }); });
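Review bot: The doc comment on `ECS_CLUSTER_ARN` expands ARN as "AWS Resource Name"; the term is "Amazon Resource Name", so the line should read ` * Amazon Resource Name (ARN) of the ECS cluster if the traffic is from a running ECS task.` (the later fields that just say "ARN" are fine). The two container-ID comments are also inconsistent, writing "docker runtime ID" in `ECS_CONTAINER_ID` and "Docker runtime ID" in `ECS_SECOND_CONTAINER_ID`; pick one spelling. Since appending any of these fields to an existing flow log's format makes CloudFormation replace the flow log — the integ manifest in this commit records the `WILL_REPLACE` trace for `FlowLogsAllFormatCW` — a sentence in the `LogFormat` class documentation stating that changing the format recreates the flow log, with a gap in captured records during the replacement, would help operators who depend on continuous flow logging. The enclosing `LogFormat` class starts before the hunk.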