aws-ia / terraform-aws-control_tower_account_factory

AWS Control Tower Account Factory
Apache License 2.0

VPC flow logs should be enabled by default. #58

Open maclema opened 2 years ago

maclema commented 2 years ago

Similar to VPC endpoints being enabled by default with an option to disable (aft_vpc_endpoints). VPC flow logs should also be enabled by default with the ability to disable via an input. This is inline with the AWS Foundational Security Best Practices controls: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-ec2-6
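One way the request could be satisfied, as an added example rather than code from the AFT module: a boolean input that defaults to on, with the flow log, its CloudWatch log group and the publishing role created only when it is set. The variable name `aft_enable_vpc_flow_logs` and the resource reference `aws_vpc.aft_vpc` are assumptions, not names taken from the module.

```hcl
# Assumed input name, modelled on the existing aft_vpc_endpoints toggle.
variable "aft_enable_vpc_flow_logs" {
  description = "Publish flow logs for the AFT management VPC to CloudWatch Logs"
  type        = bool
  default     = true # on by default, matching FSBP control EC2.6
}

resource "aws_cloudwatch_log_group" "aft_vpc_flow_logs" {
  count             = var.aft_enable_vpc_flow_logs ? 1 : 0
  name              = "/aws/vpc/aft-management-flow-logs"
  retention_in_days = 90
}

# Role the VPC Flow Logs service assumes to write into the log group.
resource "aws_iam_role" "aft_vpc_flow_logs" {
  count = var.aft_enable_vpc_flow_logs ? 1 : 0
  name  = "aft-management-vpc-flow-logs"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "vpc-flow-logs.amazonaws.com" }
    }]
  })
}

# Least privilege: only the log-writing actions, scoped to this log group.
resource "aws_iam_role_policy" "aft_vpc_flow_logs" {
  count = var.aft_enable_vpc_flow_logs ? 1 : 0
  role  = aws_iam_role.aft_vpc_flow_logs[0].id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams"]
      Resource = "${aws_cloudwatch_log_group.aft_vpc_flow_logs[0].arn}:*"
    }]
  })
}

resource "aws_flow_log" "aft_vpc" {
  count                = var.aft_enable_vpc_flow_logs ? 1 : 0
  vpc_id               = aws_vpc.aft_vpc.id # assumed name of the AFT management VPC resource
  traffic_type         = "ALL"              # capture accepted and rejected traffic
  log_destination_type = "cloud-watch-logs"
  log_destination      = aws_cloudwatch_log_group.aft_vpc_flow_logs[0].arn
  iam_role_arn         = aws_iam_role.aft_vpc_flow_logs[0].arn
}
```

Setting the variable to `false` removes all four resources on the next apply, which mirrors how the existing VPC endpoint toggle behaves.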

snebhu3 commented 2 years ago

Thank you for the good call out. We have created an internal backlog for the feature request. I am going to move forward and close this issue for now.

andy-townsend commented 1 year ago

Was this feature ever implemented? I can't see that it has been in the latest code base, so I'm just curious as to what's happening with it.

The AFT-Management VPC that gets created is the only VPC in my org that doesn't have flow logs enabled at the moment, and it would be nice to fix that.

stumins commented 1 year ago

@andy-townsend The feature has not been prioritized yet. I'm re-opening this ticket so there is a public ticket to track the request.

awserinkolp commented 7 months ago

Has there been any movement on this? It seems like a relatively straightforward addition, and I assume it was anticipated, since there's a tfsec-ignore tag that mentions removing it once flow logs are added/enabled:

https://github.com/aws-ia/terraform-aws-control_tower_account_factory/blob/main/modules/aft-account-request-framework/vpc.tf#L5C1-L6