Open maclema opened 2 years ago
Thank you for the good call out. We have created an internal backlog for the feature request. I am going to move forward and close this issue for now.
Was this feature ever implemented? I can't see that it has been in the latest code base, so I'm just curious as to what's happening with it.
The AFT-Management VPC that gets created is the only VPC in my org that doesn't have flow logs enabled atm and would be nice to fix that.
@andy-townsend Feature has not been prioritized yet. I'm re-opening this ticket to have a public ticket to track the request.
Has there been any movement on this? Seems like a relatively straightforward addition and I assume this was anticipated since there's a tfsec-ignore tag that mentions removing once flow logs are added/enabled.
Similar to VPC endpoints being enabled by default with an option to disable (aft_vpc_endpoints), VPC flow logs should also be enabled by default with the ability to disable via an input. This is in line with the AWS Foundational Security Best Practices controls: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-ec2-6
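
The default-on, opt-out pattern requested in this thread can be sketched in Terraform as follows. This is an added example, not code from the AFT module or from any participant; the variable names `enable_vpc_flow_logs` and `vpc_id`, the resource labels, and the log group and role names are all hypothetical.

```hcl
# Added example; every name here is hypothetical, not taken from the AFT module.
variable "enable_vpc_flow_logs" {
  type    = bool
  default = true # on by default; set to false to opt out
}

# Assumed input: ID of the VPC that should be logged.
variable "vpc_id" { type = string }

resource "aws_cloudwatch_log_group" "flow_logs" {
  count             = var.enable_vpc_flow_logs ? 1 : 0
  name              = "/example/vpc-flow-logs" # constructed name
  retention_in_days = 90
}

resource "aws_iam_role" "flow_logs" {
  count = var.enable_vpc_flow_logs ? 1 : 0
  name  = "example-vpc-flow-logs" # constructed name
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "vpc-flow-logs.amazonaws.com" }
    }]
  })
}

# The role may write only to the one log group created above.
resource "aws_iam_role_policy" "flow_logs" {
  count = var.enable_vpc_flow_logs ? 1 : 0
  name  = "write-flow-logs"
  role  = aws_iam_role.flow_logs[0].id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams"]
      Resource = "${aws_cloudwatch_log_group.flow_logs[0].arn}:*"
    }]
  })
}

resource "aws_flow_log" "vpc" {
  count                = var.enable_vpc_flow_logs ? 1 : 0
  vpc_id               = var.vpc_id
  traffic_type         = "ALL" # accepted and rejected traffic
  log_destination_type = "cloud-watch-logs"
  log_destination      = aws_cloudwatch_log_group.flow_logs[0].arn
  iam_role_arn         = aws_iam_role.flow_logs[0].arn
}
```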