Skip to content

updating the Fleet configuration fields #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
thathaneydude merged 2 commits into from
Sep 26, 2025
Merged

updating the Fleet configuration fields #10

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
15cc569
updating the Fleet configuration fields
thathaneydude Sep 26, 2025
bb91cef
mistype
thathaneydude Sep 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 12 additions & 11 deletions terraform/aws-flow-sensor/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,17 +30,18 @@ Flow Logs will only be processed for VPCs with flow log configurations matching
## Configuration
Once paired with Fleet, configure the AWS VPC Flow feature (Private Preview) under `Advanced` as follows:

| Configuration | Required | Default | Purpose | Example |
|------------------------------------|----------|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------|
| `vpc_flow.enable` | YES | N/A | Enables the service | Toggle On |
| `vpc_flow.bucket_name` | YES | N/A | VPC flow log s3 bucket name | `vpc-flow-logs` |
| `vpc_flow.bucket_region` | YES | N/A | VPC flow log bucket region | `us-east-1` |
| `vpc_flow.start_date` | YES | N/A | Date to begin processing flows in AWS format (YYYY/MM/DD) | `2025/06/01` |
| `vpc_flow.log_level` | NO | `info` | The log level of the service | `debug` |
| `vpc_flow.monitored_accounts` | NO | `nil` | Filters which account(s) the Flow Sensor will process logs. Attempts to process all accounts found in the bucket if not configured | `111111111111,222222222222` |
| `vpc_flow.monitored_vpcs` | NO | `nil` | Filters which VPC(s) the Flow Sensor will process logs. Attempts to process all VPCs with supported flow configurations found in each account if not configured | `vpc-12345,vpc-54321` |
| `vpc_flow.monitored_regions` | NO | `Default AWS Region List` | Filters which region(s) the Flow Sensor will process logs. Will enumerate VPCs in the `Default AWS Region List` if not configured | `us-east-1,us-east-2` |
| `vpc_flow.cross_account_role_name` | NO | `nil` | Name of the cross account role the Flow Sensor should assume into in each account. Will ignore any account that is not the account the Flow Sensor is deployed in if not configured. | `corelight-vpc-flow-cross-account-role` |
| Configuration | Required | Default | Purpose | Example |
|----------------------------------------|----------|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------|
| `vpc_flow.enable` | YES | N/A | Enables the service | Toggle On |
| `vpc_flow.log_level` | NO | `info` | The log level of the service | `debug` |
| `vpc_flow.log_meta` | NO | false | Adds the s3 object key, total flows, ENI, and AWS account ID to the resulting conn log | `true` |
| `vpc_flow.aws.bucket_name` | YES | N/A | VPC flow log s3 bucket name | `vpc-flow-logs` |
| `vpc_flow.aws.bucket_region` | YES | N/A | VPC flow log bucket region | `us-east-1` |
| `vpc_flow.aws.start_date` | YES | N/A | Date to begin processing flows in AWS format (YYYY/MM/DD) | `2025/06/01` |
| `vpc_flow.aws.monitored_accounts` | NO | `nil` | Filters which account(s) the Flow Sensor will process logs. Attempts to process all accounts found in the bucket if not configured | `111111111111,222222222222` |
| `vpc_flow.aws.monitored_vpcs` | NO | `nil` | Filters which VPC(s) the Flow Sensor will process logs. Attempts to process all VPCs with supported flow configurations found in each account if not configured | `vpc-12345,vpc-54321` |
| `vpc_flow.aws.monitored_regions` | NO | `Default AWS Region List` | Filters which region(s) the Flow Sensor will process logs. Will enumerate VPCs in the `Default AWS Region List` if not configured | `us-east-1,us-east-2` |
| `vpc_flow.aws.cross_account_role_name` | NO | `nil` | Name of the cross account role the Flow Sensor should assume into in each account. Will ignore any account that is not the account the Flow Sensor is deployed in if not configured. | `corelight-vpc-flow-cross-account-role` |

### Default AWS Region List
* `us-east-1`
Expand Down