Resource: awsEc2TrafficMirrorSession

Provides a Traffic Mirror session. Read limits and considerations for traffic mirroring.

Example Usage

To create a basic traffic mirror session:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsEc2TrafficMirrorFilterFilter =
  new aws.ec2TrafficMirrorFilter.Ec2TrafficMirrorFilter(this, "filter", {
    description: "traffic mirror filter - terraform example",
    networkServices: ["amazon-dns"],
  });
const awsEc2TrafficMirrorTargetTarget =
  new aws.ec2TrafficMirrorTarget.Ec2TrafficMirrorTarget(this, "target", {
    networkLoadBalancerArn: "${aws_lb.lb.arn}",
  });
new aws.ec2TrafficMirrorSession.Ec2TrafficMirrorSession(this, "session", {
  description: "traffic mirror session - terraform example",
  networkInterfaceId: "${aws_instance.test.primary_network_interface_id}",
  sessionNumber: 1,
  trafficMirrorFilterId: awsEc2TrafficMirrorFilterFilter.id,
  trafficMirrorTargetId: awsEc2TrafficMirrorTargetTarget.id,
});

Argument Reference

The following arguments are supported:

  • description - (Optional) A description of the traffic mirror session.
  • networkInterfaceId - (Required, Forces new) ID of the source network interface. Not all network interfaces are eligible as mirror sources. Among EC2 instances, only Nitro-based instances support mirroring.
  • trafficMirrorFilterId - (Required) ID of the traffic mirror filter to be used.
  • trafficMirrorTargetId - (Required) ID of the traffic mirror target to be used.
  • packetLength - (Optional) The number of bytes in each packet to mirror. These are bytes after the VXLAN header. Do not specify this parameter when you want to mirror the entire packet. To mirror a subset of the packet, set this to the length (in bytes) that you want to mirror.
  • sessionNumber - (Required) The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.
  • virtualNetworkId - (Optional) The VXLAN ID for the Traffic Mirror session. For more information about the VXLAN protocol, see RFC 7348. If you do not specify a virtualNetworkId, an account-wide unique ID is chosen at random.
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
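
The virtualNetworkId and packetLength arguments determine what the mirror target receives: each mirrored packet arrives behind an RFC 7348 VXLAN header carrying the session's VXLAN ID. The following is an added example, not part of the provider documentation, of a collector-side check that strips that header and rejects payloads that do not match the session's settings. The function names, the interface and the sample packet are hypothetical and constructed for illustration.

```typescript
// Added example: collector-side check for mirrored packets (VXLAN, RFC 7348).
// Fact: AWS delivers mirrored traffic VXLAN-encapsulated to the target on UDP 4789.
// All names below are hypothetical; they are not part of the AWS provider.
const VXLAN_HEADER_LEN = 8;        // flags(1) reserved(3) VNI(3) reserved(1)
const VXLAN_FLAG_VNI_VALID = 0x08; // "I" flag: the VNI field is valid

interface MirroredFrame {
  vni: number;             // should equal the session's virtualNetworkId
  inner: Uint8Array;       // mirrored bytes that follow the VXLAN header
  maybeTruncated: boolean; // inner length hit the session's packetLength
}

// Returns the inner frame, or null when the payload cannot belong to the
// session described by expectedVni / packetLength.
function decapsulate(
  udpPayload: Uint8Array,
  expectedVni: number,
  packetLength?: number,
): MirroredFrame | null {
  if (udpPayload.length < VXLAN_HEADER_LEN) return null;
  if ((udpPayload[0] & VXLAN_FLAG_VNI_VALID) === 0) return null;
  const vni = (udpPayload[4] << 16) | (udpPayload[5] << 8) | udpPayload[6];
  if (vni !== expectedVni) return null; // different session or stray sender
  const inner = udpPayload.subarray(VXLAN_HEADER_LEN);
  // packetLength counts bytes after the VXLAN header, so anything longer
  // does not match the session configuration.
  if (packetLength !== undefined && inner.length > packetLength) return null;
  return { vni, inner, maybeTruncated: inner.length === packetLength };
}

// Constructed sample input: a VXLAN header followed by innerLen filler bytes.
function sampleMirroredPacket(vni: number, innerLen: number): Uint8Array {
  const pkt = new Uint8Array(VXLAN_HEADER_LEN + innerLen).fill(0xab, VXLAN_HEADER_LEN);
  pkt[0] = VXLAN_FLAG_VNI_VALID;
  pkt[4] = (vni >>> 16) & 0xff;
  pkt[5] = (vni >>> 8) & 0xff;
  pkt[6] = vni & 0xff;
  return pkt;
}
```

Setting an explicit virtualNetworkId on the session lets the collector be configured with a known value instead of discovering the randomly chosen one after apply.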

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The ARN of the traffic mirror session.
  • id - The name of the session.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
  • ownerId - The AWS account ID of the session owner.

Import

Traffic mirror sessions can be imported using the id, e.g.,

$ terraform import aws_ec2_traffic_mirror_session.session tms-0d8aa3ca35897b82e