@jewelsjacobs
Forked from btotharye/app.py
Created August 20, 2019 14:52
CDK Python VPC with Flow Logs
{
"app": "python3 app.py",
"context": {
"serviceName": "vpc-cdk",
"dev": {
"cidr": "10.60.0.0/16",
"vpcAzCount": 1,
"region": "us-east-1"
}
}
}
from aws_cdk import (
core,
aws_ec2 as ec2,
aws_iam as iam,
aws_logs as logs
)
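class CdkStack(core.Stack):
    """VPC whose flow logs are delivered to a CloudWatch Logs group.

    ``stage`` and ``serviceName`` are read from CDK context; ``props`` carries
    the per-environment ``cidr`` and ``vpcAzCount`` values (see cdk.json).
    """

    def __init__(self, scope: core.Construct, id: str, props, **kwargs) -> None:
        """Create the VPC, the flow-log delivery role, the log group and the flow log.

        Args:
            scope: Parent construct; its node supplies the CDK context values.
            id: Logical id of this stack.
            props: Mapping with ``cidr`` and ``vpcAzCount`` keys.
            **kwargs: Passed through to ``core.Stack``.
        """
        super().__init__(scope, id, **kwargs)

        # try_get_context returns None for a missing key.
        # NOTE(review): 'stage' is not in the cdk.json shown alongside this
        # file, so the VPC id becomes '<service>-None-vpc' unless the caller
        # supplies it (e.g. `cdk deploy -c stage=dev`) — confirm in app.py.
        stage = scope.node.try_get_context('stage')
        service_name = scope.node.try_get_context('serviceName')

        # Role the VPC Flow Logs service assumes when it writes records.
        vpc_flow_role = iam.Role(
            self, 'FlowLog',
            assumed_by=iam.ServicePrincipal('vpc-flow-logs.amazonaws.com'),
        )

        # Destination log group. Flow logs are audit data: DESTROY removes
        # them together with the stack, so prefer RETAIN where the records
        # must outlive the VPC. Kept as DESTROY here to match current deploys.
        log_group = logs.LogGroup(
            self, 'LogGroup',
            log_group_name=service_name,
            retention=logs.RetentionDays.ONE_YEAR,
            removal_policy=core.RemovalPolicy.DESTROY,
        )

        # The delivery role needs explicit CloudWatch Logs permissions;
        # a role with only a trust policy makes every delivery attempt fail
        # with access denied and the VPC silently produces no flow logs.
        # Write actions are scoped to this group's ARN, which in CDK already
        # ends in ':*' and so covers the group's log streams.
        vpc_flow_role.add_to_policy(iam.PolicyStatement(
            actions=[
                'logs:CreateLogStream',
                'logs:PutLogEvents',
                'logs:DescribeLogStreams',
            ],
            resources=[log_group.log_group_arn],
        ))
        # DescribeLogGroups is a read-only list call; restricting it to one
        # group ARN is not reliably honoured, so it stays account-wide.
        # CreateLogGroup is not granted: the group is managed by this stack.
        vpc_flow_role.add_to_policy(iam.PolicyStatement(
            actions=['logs:DescribeLogGroups'],
            resources=['*'],
        ))

        vpc = ec2.Vpc(
            self, f'{service_name}-{stage}-vpc',
            cidr=props['cidr'],
            max_azs=props['vpcAzCount'],
        )

        # Capture accepted and rejected traffic for the whole VPC.
        vpc_log = ec2.CfnFlowLog(
            self, 'FlowLogs',
            resource_id=vpc.vpc_id,
            resource_type='VPC',
            traffic_type='ALL',
            deliver_logs_permission_arn=vpc_flow_role.role_arn,
            log_destination_type='cloud-watch-logs',
            log_group_name=log_group.log_group_name,
        )
        # The role_arn reference orders the flow log after the role only;
        # depending on the role construct also covers its inline policy, so
        # permissions are in place before the flow log is created.
        vpc_log.node.add_dependency(vpc_flow_role)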