feat: Add support for VPC flow log max_aggregation_interval (#431)

README.md

@@ -224,14 +224,14 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 
 | Name | Version |
 |------|---------|
-| terraform | ~> 0.12.6 |
-| aws | ~> 2.53 |
+| terraform | >= 0.12.6, < 0.14 |
+| aws | ~> 2.57 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | ~> 2.53 |
+| aws | ~> 2.57 |
 
 ## Inputs
 
@@ -460,6 +460,7 @@ It is possible to integrate this VPC module with [terraform-aws-transit-gateway
 | flow\_log\_destination\_arn | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided. | `string` | `""` | no |
 | flow\_log\_destination\_type | Type of flow log destination. Can be s3 or cloud-watch-logs. | `string` | `"cloud-watch-logs"` | no |
 | flow\_log\_log\_format | The fields to include in the flow log record, in the order in which they should appear. | `string` | `null` | no |
+| flow\_log\_max\_aggregation\_interval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds. | `number` | `600` | no |
 | flow\_log\_traffic\_type | The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL. | `string` | `"ALL"` | no |
 | git\_codecommit\_endpoint\_private\_dns\_enabled | Whether or not to associate a private hosted zone with the specified VPC for Git Codecommit endpoint | `bool` | `false` | no |
 | git\_codecommit\_endpoint\_security\_group\_ids | The ID of one or more security groups to associate with the network interface for Git Codecommit endpoint | `list` | `[]` | no |

examples/complete-vpc/main.tf

@@ -110,6 +110,7 @@ module "vpc" {
   enable_flow_log                      = true
   create_flow_log_cloudwatch_log_group = true
   create_flow_log_cloudwatch_iam_role  = true
+  flow_log_max_aggregation_interval    = 60
 
   tags = {
     Owner       = "user"

examples/vpc-flow-logs/cloud-watch-logs.tf

@@ -15,6 +15,7 @@ module "vpc_with_flow_logs_cloudwatch_logs_default" {
   enable_flow_log                      = true
   create_flow_log_cloudwatch_log_group = true
   create_flow_log_cloudwatch_iam_role  = true
+  flow_log_max_aggregation_interval    = 60
 
   vpc_flow_log_tags = {
     Name = "vpc-flow-logs-cloudwatch-logs-default"

variables.tf

@@ -2318,3 +2318,9 @@ variable "flow_log_cloudwatch_log_group_kms_key_id" {
   type        = string
   default     = null
 }
+
+variable "flow_log_max_aggregation_interval" {
+  description = "The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: `60` seconds or `600` seconds."
+  type        = number
+  default     = 600
+}

vpc-flow-logs.tf

@@ -15,12 +15,13 @@ locals {
 resource "aws_flow_log" "this" {
   count = local.enable_flow_log ? 1 : 0
 
-  log_destination_type = var.flow_log_destination_type
-  log_destination      = local.flow_log_destination_arn
-  log_format           = var.flow_log_log_format
-  iam_role_arn         = local.flow_log_iam_role_arn
-  traffic_type         = var.flow_log_traffic_type
-  vpc_id               = local.vpc_id
+  log_destination_type     = var.flow_log_destination_type
+  log_destination          = local.flow_log_destination_arn
+  log_format               = var.flow_log_log_format
+  iam_role_arn             = local.flow_log_iam_role_arn
+  traffic_type             = var.flow_log_traffic_type
+  vpc_id                   = local.vpc_id
+  max_aggregation_interval = var.flow_log_max_aggregation_interval
 
   tags = merge(var.tags, var.vpc_flow_log_tags)
 }