Terraform code for the Leverage Reference Architecture for AWS, designed with optimal configurations for the needs of the most popular modern web and mobile applications.
What?
If possible, consider upgrading the binbashar/terraform-aws-vpc-flowlogs module, since it lacks customization for some basic things, such as:
- The resource for which to create the flow log
- The type of traffic to capture (accepted traffic, rejected traffic, or all traffic)
- The destinations to which you want to publish the flow log data
Why?
The VPC flow logs are not being published to the organization accounts' S3 buckets.
The bucket created by the module is not completely private.
References
VPC flow logs
VPC flow logs empty bucket
VPC flow logs bucket not fully private
How?
In order to block public access and grant the necessary permissions for VPC flow logs (delivery.logs.amazonaws.com) to write logs to the corresponding S3 bucket, please consider extending our VPC flow logs module with the code below.
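As an added illustration (not the snippet the issue says is "below", which is absent from this page, and not the module's own code), here is a Terraform fragment that blocks public access on the log bucket, grants delivery.logs.amazonaws.com only the write and ACL-check permissions AWS documents for S3 flow-log delivery, and exposes the traffic type (ACCEPT, REJECT or ALL) as a variable; var.bucket_name, var.vpc_id and var.traffic_type are assumed inputs.

```hcl
# Added example, not the issue's missing snippet or the module's code; var.bucket_name, var.vpc_id and var.traffic_type are assumed inputs.
data "aws_caller_identity" "current" {}
resource "aws_s3_bucket" "flowlogs" {
  bucket = var.bucket_name
}
# Block every form of public access so the log bucket stays private.
resource "aws_s3_bucket_public_access_block" "flowlogs" {
  bucket                  = aws_s3_bucket.flowlogs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
# Least-privilege grant for delivery.logs.amazonaws.com: PutObject under the account's AWSLogs prefix (owner keeps full control) plus GetBucketAcl.
data "aws_iam_policy_document" "flowlogs" {
  statement {
    sid       = "AWSLogDeliveryWrite"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.flowlogs.arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
  statement {
    sid       = "AWSLogDeliveryAclCheck"
    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.flowlogs.arn]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
  }
}
resource "aws_s3_bucket_policy" "flowlogs" {
  bucket = aws_s3_bucket.flowlogs.id
  policy = data.aws_iam_policy_document.flowlogs.json
}
resource "aws_flow_log" "vpc" {
  vpc_id               = var.vpc_id
  traffic_type         = var.traffic_type
  log_destination_type = "s3"
  log_destination      = aws_s3_bucket.flowlogs.arn
  depends_on           = [aws_s3_bucket_policy.flowlogs]
}
```

The bucket policy must exist before the flow log is created, since CreateFlowLogs checks delivery permissions on the destination; the depends_on enforces that ordering.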