diff --git a/terraform/aws-flow-sensor/README.md b/terraform/aws-flow-sensor/README.md index 8853acd..c871335 100644 --- a/terraform/aws-flow-sensor/README.md +++ b/terraform/aws-flow-sensor/README.md 
@@ -30,17 +30,18 @@ Flow Logs will only be processed for VPCs with flow log configurations matching ## Configuration Once paired with Fleet, configure the AWS VPC Flow feature (Private Preview) under `Advanced` as follows: -| Configuration | Required | Default | Purpose | Example | -|------------------------------------|----------|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------| -| `vpc_flow.enable` | YES | N/A | Enables the service | Toggle On | -| `vpc_flow.bucket_name` | YES | N/A | VPC flow log s3 bucket name | `vpc-flow-logs` | -| `vpc_flow.bucket_region` | YES | N/A | VPC flow log bucket region | `us-east-1` | -| `vpc_flow.start_date` | YES | N/A | Date to begin processing flows in AWS format (YYYY/MM/DD) | `2025/06/01` | -| `vpc_flow.log_level` | NO | `info` | The log level of the service | `debug` | -| `vpc_flow.monitored_accounts` | NO | `nil` | Filters which account(s) the Flow Sensor will process logs. Attempts to process all accounts found in the bucket if not configured | `111111111111,222222222222` | -| `vpc_flow.monitored_vpcs` | NO | `nil` | Filters which VPC(s) the Flow Sensor will process logs. Attempts to process all VPCs with supported flow configurations found in each account if not configured | `vpc-12345,vpc-54321` | -| `vpc_flow.monitored_regions` | NO | `Default AWS Region List` | Filters which region(s) the Flow Sensor will process logs. Will enumerate VPCs in the `Default AWS Region List` if not configured | `us-east-1,us-east-2` | -| `vpc_flow.cross_account_role_name` | NO | `nil` | Name of the cross account role the Flow Sensor should assume into in each account. Will ignore any account that is not the account the Flow Sensor is deployed in if not configured. 
| `corelight-vpc-flow-cross-account-role` | +| Configuration | Required | Default | Purpose | Example | +|----------------------------------------|----------|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------| +| `vpc_flow.enable` | YES | N/A | Enables the service | Toggle On | +| `vpc_flow.log_level` | NO | `info` | The log level of the service | `debug` | +| `vpc_flow.log_meta` | NO | false | Adds the s3 object key, total flows, ENI, and AWS account ID to the resulting conn log | `true` | +| `vpc_flow.aws.bucket_name` | YES | N/A | VPC flow log s3 bucket name | `vpc-flow-logs` | +| `vpc_flow.aws.bucket_region` | YES | N/A | VPC flow log bucket region | `us-east-1` | +| `vpc_flow.aws.start_date` | YES | N/A | Date to begin processing flows in AWS format (YYYY/MM/DD) | `2025/06/01` | +| `vpc_flow.aws.monitored_accounts` | NO | `nil` | Filters which account(s) the Flow Sensor will process logs. Attempts to process all accounts found in the bucket if not configured | `111111111111,222222222222` | +| `vpc_flow.aws.monitored_vpcs` | NO | `nil` | Filters which VPC(s) the Flow Sensor will process logs. Attempts to process all VPCs with supported flow configurations found in each account if not configured | `vpc-12345,vpc-54321` | +| `vpc_flow.aws.monitored_regions` | NO | `Default AWS Region List` | Filters which region(s) the Flow Sensor will process logs. Will enumerate VPCs in the `Default AWS Region List` if not configured | `us-east-1,us-east-2` | +| `vpc_flow.aws.cross_account_role_name` | NO | `nil` | Name of the cross account role the Flow Sensor should assume into in each account. Will ignore any account that is not the account the Flow Sensor is deployed in if not configured. | `corelight-vpc-flow-cross-account-role` | ### Default AWS Region List * `us-east-1`
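Review bot: The hunk renames every AWS-specific key from `vpc_flow.*` to `vpc_flow.aws.*` (`vpc_flow.bucket_name` becomes `vpc_flow.aws.bucket_name`, `vpc_flow.start_date` becomes `vpc_flow.aws.start_date`, and so on) but the README says nothing about what happens to a sensor that was already configured with the old names. Since the table marks `bucket_name`, `bucket_region` and `start_date` as required, a silently ignored legacy key would leave the service unable to start or, worse, processing nothing without an obvious error; add a short migration note under the table stating whether the old keys are still accepted, rejected, or ignored, and that operators must re-enter them under the `vpc_flow.aws` prefix. Two smaller points in the same table: the new `vpc_flow.log_meta` row gives its default as bare `false` while every other default in the column is backticked (`info`, `nil`), and because `log_meta` writes the S3 object key, ENI and AWS account ID into the resulting conn log, the Purpose cell should say so explicitly enough that users forwarding conn logs to external tooling know those identifiers will be included when they toggle it on.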