Resource: awsEc2TrafficMirrorSession
Provides a Traffic mirror session.
Read limits and considerations for traffic mirroring.
Example Usage
To create a basic traffic mirror session
/* Provider bindings are generated by running cdktf get.
   See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";

const awsEc2TrafficMirrorFilterFilter =
  new aws.ec2TrafficMirrorFilter.Ec2TrafficMirrorFilter(this, "filter", {
    description: "traffic mirror filter - terraform example",
    networkServices: ["amazon-dns"],
  });

const awsEc2TrafficMirrorTargetTarget =
  new aws.ec2TrafficMirrorTarget.Ec2TrafficMirrorTarget(this, "target", {
    networkLoadBalancerArn: "${aws_lb.lb.arn}",
  });

new aws.ec2TrafficMirrorSession.Ec2TrafficMirrorSession(this, "session", {
  description: "traffic mirror session - terraform example",
  networkInterfaceId: "${aws_instance.test.primary_network_interface_id}",
  sessionNumber: 1,
  trafficMirrorFilterId: awsEc2TrafficMirrorFilterFilter.id,
  trafficMirrorTargetId: awsEc2TrafficMirrorTargetTarget.id,
});
Argument Reference
The following arguments are supported:
description - (Optional) A description of the traffic mirror session.
networkInterfaceId - (Required, Forces new) ID of the source network interface. Not all network interfaces are eligible as mirror sources. On EC2 instances, only Nitro-based instances support mirroring.
trafficMirrorFilterId - (Required) ID of the traffic mirror filter to be used.
trafficMirrorTargetId - (Required) ID of the traffic mirror target to be used.
packetLength - (Optional) The number of bytes in each packet to mirror. These are bytes after the VXLAN header. Do not specify this parameter when you want to mirror the entire packet. To mirror a subset of the packet, set this to the length (in bytes) that you want to mirror.
sessionNumber - (Required) The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.
virtualNetworkId - (Optional) The VXLAN ID for the Traffic Mirror session. For more information about the VXLAN protocol, see RFC 7348. If you do not specify a virtualNetworkId, an account-wide unique ID is chosen at random.
tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
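The packetLength and virtualNetworkId arguments decide what the mirror target receives: every packet arrives behind a VXLAN header (RFC 7348) carrying the session's VXLAN ID, and with packetLength set only a prefix of the packet follows it. The TypeScript below is an added example of decoding that at the receiving sensor, not part of the provider documentation; decodeMirrored and buildSample are hypothetical names, and the inner payload is assumed to be an Ethernet frame carrying IPv4.

```typescript
// Added example: decode one mirrored packet at the mirror target (VXLAN, RFC 7348).
const VXLAN_HEADER_LEN = 8;
const ETH_HEADER_LEN = 14;

interface MirroredPacket {
  vni: number; // VXLAN ID, i.e. the session's virtualNetworkId
  inner: Uint8Array; // mirrored bytes after the VXLAN header
  truncated: boolean; // inner IPv4 packet is longer than what was mirrored
}

// Returns null when the VNI belongs to a different session than expectedVni.
function decodeMirrored(udpPayload: Uint8Array, expectedVni: number): MirroredPacket | null {
  if (udpPayload.length < VXLAN_HEADER_LEN) throw new Error("shorter than VXLAN header");
  const view = new DataView(udpPayload.buffer, udpPayload.byteOffset, udpPayload.byteLength);
  // Byte 0 carries the flags; 0x08 is the "I" flag that marks the VNI as valid.
  if ((view.getUint8(0) & 0x08) === 0) throw new Error("VXLAN I flag not set");
  // Bytes 4..6 hold the 24-bit VNI (big-endian); byte 7 is reserved.
  const vni = view.getUint32(4) >>> 8;
  if (vni !== expectedVni) return null;
  const inner = udpPayload.subarray(VXLAN_HEADER_LEN);
  let truncated = false;
  // With packetLength set, only a prefix of the packet arrives. For IPv4, compare
  // the header's total-length field with the bytes that were actually mirrored.
  if (inner.length >= ETH_HEADER_LEN + 4 && view.getUint16(VXLAN_HEADER_LEN + 12) === 0x0800) {
    const ipTotalLen = view.getUint16(VXLAN_HEADER_LEN + ETH_HEADER_LEN + 2);
    truncated = ETH_HEADER_LEN + ipTotalLen > inner.length;
  }
  return { vni, inner, truncated };
}

// Constructed sample: VXLAN header + Ethernet + IPv4 header claiming ipTotalLen
// bytes, cut to packetLength bytes after the VXLAN header as the session would.
function buildSample(vni: number, ipTotalLen: number, packetLength?: number): Uint8Array {
  const full = new Uint8Array(VXLAN_HEADER_LEN + ETH_HEADER_LEN + ipTotalLen);
  const view = new DataView(full.buffer);
  view.setUint8(0, 0x08); // I flag
  view.setUint32(4, vni << 8); // 24-bit VNI followed by a reserved byte
  view.setUint16(VXLAN_HEADER_LEN + 12, 0x0800); // EtherType IPv4
  view.setUint8(VXLAN_HEADER_LEN + ETH_HEADER_LEN, 0x45); // IPv4, IHL 5
  view.setUint16(VXLAN_HEADER_LEN + ETH_HEADER_LEN + 2, ipTotalLen);
  return packetLength === undefined ? full : full.subarray(0, VXLAN_HEADER_LEN + packetLength);
}
```

A sensor that inspects payloads can use the truncated flag to avoid treating a packetLength-limited capture as the complete packet.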
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn - The ARN of the traffic mirror session.
id - The name of the session.
tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
ownerId - The AWS account ID of the session owner.
Import
Traffic mirror sessions can be imported using the id, e.g.,