{ "AWSTemplateFormatVersion": "2010-09-09", "Metadata": { "AWS::CloudFormation::Designer": { "0a1a6138-1ff0-4f15-a76a-ba07512eb7f8": { "size": { "width": 60, "height": 60 }, "position": { "x": 630, "y": 350 }, "z": 0, "embeds": [] }, "591669ae-deee-45bc-971c-6754043f9c29": { "size": { "width": 60, "height": 60 }, "position": { "x": 480, "y": 150 }, "z": 0, "embeds": [] }, "c05439f4-9140-4985-8695-479f55acc72b": { "size": { "width": 60, "height": 60 }, "position": { "x": 480, "y": 350 }, "z": 0, "embeds": [], "dependson": [ "e33ffdd9-e74e-46fb-a4d3-c9fef0bb2722", "81b1127e-d96c-439d-af4d-c35d2e832666", "591669ae-deee-45bc-971c-6754043f9c29", "0a1a6138-1ff0-4f15-a76a-ba07512eb7f8" ] }, "81b1127e-d96c-439d-af4d-c35d2e832666": { "size": { "width": 140, "height": 140 }, "position": { "x": 240, "y": 320 }, "z": 0, "embeds": [] }, "e33ffdd9-e74e-46fb-a4d3-c9fef0bb2722": { "size": { "width": 60, "height": 60 }, "position": { "x": 480, "y": 10 }, "z": 0, "embeds": [] }, "c3a9bc1d-4d73-4e74-bdd7-e85fc6f46546": { "size": { "width": 60, "height": 60 }, "position": { "x": 290, "y": 150 }, "z": 0, "embeds": [] }, "b3afdd74-65e8-463d-975c-9ff635aea388": { "size": { "width": 60, "height": 60 }, "position": { "x": 290, "y": 10 }, "z": 0, "embeds": [] }, "582de9dd-b636-4858-ade1-af7197657e39": { "source": { "id": "c05439f4-9140-4985-8695-479f55acc72b" }, "target": { "id": "81b1127e-d96c-439d-af4d-c35d2e832666" }, "z": 11 }, "0463f822-98aa-4b0d-aa0b-f99d7c1e37ac": { "source": { "id": "c05439f4-9140-4985-8695-479f55acc72b" }, "target": { "id": "591669ae-deee-45bc-971c-6754043f9c29" }, "z": 12 }, "a3844565-d13b-4286-9bb5-82ec98a441aa": { "source": { "id": "c05439f4-9140-4985-8695-479f55acc72b" }, "target": { "id": "0a1a6138-1ff0-4f15-a76a-ba07512eb7f8" }, "z": 13 } } }, "Parameters": { "CwlGroupRetentionPeriod": { "Description": "CloudWatch Logs group: Logs retention period in days", "Type": "Number", "Default": "30", "AllowedValues": [ 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653 ] }, "KinesisShardsNumber": { "Description": "Kinesis stream: Number of shards", "Type": "Number", "Default": "1", "MinValue": "1" }, "KinesisRetentionPeriod": { "Description": "Kinesis stream: Data retention period in hours", "Type": "Number", "Default": "24", "MinValue": "24", "MaxValue": "168" } }, "Resources": { "NFLPermissionsPolicyForCWL": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "NFLPermissionsPolicyForCWL", "Roles": [ { "Ref": "NFLCwlToKinesisRole" } ], "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "kinesis:PutRecord", "Resource": { "Fn::GetAtt": [ "NFLVpcKinesisStream", "Arn" ] } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": { "Fn::GetAtt": [ "NFLCwlToKinesisRole", "Arn" ] } } ] } }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "e33ffdd9-e74e-46fb-a4d3-c9fef0bb2722" } } }, "NFLVpcFlowLogsSubscriptionFilter": { "Type": "AWS::Logs::SubscriptionFilter", "Properties": { "DestinationArn": { "Fn::GetAtt": [ "NFLVpcKinesisStream", "Arn" ] }, "FilterPattern": "", "LogGroupName": { "Ref": "NFLVpcFlowLogGroup" }, "RoleArn": { "Fn::GetAtt": [ "NFLCwlToKinesisRole", "Arn" ] } }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "c05439f4-9140-4985-8695-479f55acc72b" } }, "DependsOn": [ "NFLPermissionsPolicyForCWL", "NFLVpcFlowLogGroup", "NFLCwlToKinesisRole", "NFLVpcKinesisStream" ] }, "NFLVpcFlowLogGroup": { "Type": "AWS::Logs::LogGroup", "Properties": { "LogGroupName": { "Fn::Join": [ "_", [ "NFLVpcFlowLogGroup", { "Ref": "AWS::StackName" }, { "Ref": "AWS::Region" } ] ] }, "RetentionInDays": { "Ref": "CwlGroupRetentionPeriod" } }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "81b1127e-d96c-439d-af4d-c35d2e832666" } } }, "NFLVpcKinesisStream": { "Type": "AWS::Kinesis::Stream", "Properties": { "Name": { "Fn::Join": [ "_", [ "NFLVpcKinesisStream", { "Ref": "AWS::StackName" }, { "Ref": "AWS::Region" } ] ] }, "RetentionPeriodHours": { "Ref": "KinesisRetentionPeriod" }, "ShardCount": { "Ref": "KinesisShardsNumber" } }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "0a1a6138-1ff0-4f15-a76a-ba07512eb7f8" } } }, "NFLCwlToKinesisRole": { "Type": "AWS::IAM::Role", "Properties": { "RoleName": { "Fn::Join": [ "_", [ "NFLCwlToKinesisRole", { "Ref": "AWS::StackName" }, { "Ref": "AWS::Region" } ] ] }, "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Principal": { "Service": { "Fn::Join": [ "", [ "logs.", { "Ref": "AWS::Region" }, ".amazonaws.com" ] ] } }, "Action": "sts:AssumeRole" } } }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "591669ae-deee-45bc-971c-6754043f9c29" } } }, "NFLVpcFlowLogRole": { "Type": "AWS::IAM::Role", "Properties": { "RoleName": { "Fn::Join": [ "_", [ "NFLVpcFlowLogRole", { "Ref": "AWS::StackName" }, { "Ref": "AWS::Region" } ] ] }, "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "vpc-flow-logs.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/" }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "c3a9bc1d-4d73-4e74-bdd7-e85fc6f46546" } } }, "NFLVpcFlowLogPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "NFLVpcFlowLogPolicy", "Roles": [ { "Ref": "NFLVpcFlowLogRole" } ], "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogGroups", "logs:DescribeLogStreams" ], "Effect": "Allow", "Resource": "*" } ] } }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "b3afdd74-65e8-463d-975c-9ff635aea388" } } } } }