diff --git a/CHANGELOG.md b/CHANGELOG.md
index d36c54b..28e7339 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,3 +18,7 @@
* v1.0.3 -- 20210512
- security-groups
- add output of security_groups map(object{name,id,arn})
+
+* v1.0.4 -- 20210514
+ - flowlogs
+ - setup flow logs
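Review bot: The v1.0.4 entry ("flowlogs" / "setup flow logs") does not name what was added. The new directory in this change is `flowlogs-role`, and `common/prefixes.tf` gains `log-group` and `log-stream` prefixes. Suggest listing the `flowlogs-role` module and the two new prefixes as separate items, the way the v1.0.3 entry spells out the `security_groups` output.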
diff --git a/common/prefixes.tf b/common/prefixes.tf
index 497851a..d2ee1fe 100644
--- a/common/prefixes.tf
+++ b/common/prefixes.tf
@@ -22,5 +22,7 @@ locals {
"customer-gateway" = "cgw-"
"vpn-gateway" = "vpcg-"
"vpn-connection" = "vpn_"
+ "log-group" = "lg-"
+ "log-stream" = "lgs-"
}
}
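Review bot: The new `"log-group" = "lg-"` and `"log-stream" = "lgs-"` entries have no consumer in the visible change. The Resources table in `flowlogs-role/README.md` lists only IAM resources and data sources, with no log group or log stream. Either include the code that uses these prefixes in this commit, or note in the commit where they are consumed, so the map does not accumulate unused keys.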
diff --git a/common/version.tf b/common/version.tf
index 1dfb710..4840281 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
locals {
- _module_version = "1.0.3"
+ _module_version = "1.0.4"
}
diff --git a/flowlogs-role/README.md b/flowlogs-role/README.md
new file mode 100644
index 0000000..67b0450
--- /dev/null
+++ b/flowlogs-role/README.md
@@ -0,0 +1,60 @@
+# aws-vpc-setup :: flowlogs-role
+
+This sets up the default flowlogs role and policies, allowign for kinesis streams to be used in all regions
+selected. The role and policy created are `inf-flowlogs` with the appropriate prefix.
+
+# Usage
+```hcl
+module "role_flowlogs" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//flowlogs-role"
+ regions = values(var.region_map)
+ attached_policies = [ module.general.custom_policies_arn["deny_billing"]]
+ tags = { }
+}
+```
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [flowlogs](#module\_flowlogs) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy.flowlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_role_policy_attachment.flowlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.flowlogs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.flowlogs_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
+| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| [attached\_policies](#input\_attached\_policies) | List of IAM Policy ARNs to attach to this role | `list(string)` | `[]` | no |
+| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [regions](#input\_regions) | List of AWS Regions for which to grant Kinesis stream access | `list(string)` | `[]` | no |
+| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [role\_arn](#output\_role\_arn) | Created flowlogs role ARN |
+| [role\_name](#output\_role\_name) | Created flowlogs role name |
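Review bot: The `source` line in the Usage example has no `?ref=` pin, so anyone copying it gets whatever the default branch holds at init time. Since this module creates an IAM role and policy, pin the example to a release tag or commit. Separately, the intro misspells "allowing" as "allowign". The `tags` description mentions "(S3, KMS)" and a `data_safeguard` field that does not appear in this module's Inputs table, which reads as copied from another module. The README also describes the role as granting Kinesis stream access, while the same change adds `log-group` and `log-stream` prefixes. Please state which actions and resources the `flowlogs` policy document grants, which principal `flowlogs_assume` trusts, and what the role can do when `regions` is left at its default of `[]`.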