feat(resource_vpc_flow_log): added logformat field

aws/resource_aws_flow_log.go

@@ -86,6 +86,13 @@ func resourceAwsFlowLog() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			},
+
+			"log_format": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -134,6 +141,9 @@ func resourceAwsLogFlowCreate(d *schema.ResourceData, meta interface{}) error {
 	if v, ok := d.GetOk("log_group_name"); ok && v != "" {
 		opts.LogGroupName = aws.String(v.(string))
 	}
+	if v, ok := d.GetOk("log_format"); ok && v != "" {
+		opts.LogFormat = aws.String(v.(string))
+	}
 
 	log.Printf(
 		"[DEBUG] Flow Log Create configuration: %s", opts)
@@ -181,7 +191,7 @@ func resourceAwsLogFlowRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("log_destination_type", fl.LogDestinationType)
 	d.Set("log_group_name", fl.LogGroupName)
 	d.Set("iam_role_arn", fl.DeliverLogsPermissionArn)
-
+	d.Set("log_format", fl.LogFormat)
 	var resourceKey string
 	if strings.HasPrefix(*fl.ResourceId, "vpc-") {
 		resourceKey = "vpc_id"

aws/resource_aws_flow_log_test.go

@@ -51,6 +51,38 @@ func TestAccAWSFlowLog_VPCID(t *testing.T) {
 	})
 }
 
+func TestAccAWSFlowLog_LogFormat(t *testing.T) {
+	var flowLog ec2.FlowLog
+	resourceName := "aws_flow_log.test"
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	logFormat := "${version} ${vpc-id} ${subnet-id}"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckFlowLogDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFlowLogConfig_LogFormat(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckFlowLogExists(resourceName, &flowLog),
+					testAccCheckAWSFlowLogAttributes(&flowLog),
+					resource.TestCheckResourceAttr(resourceName, "log_format", logFormat),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config:             testAccFlowLogConfig_LogDestinationType_CloudWatchLogs(rName),
+				ExpectNonEmptyPlan: false,
+			},
+		},
+	})
+}
+
 func TestAccAWSFlowLog_SubnetID(t *testing.T) {
 	var flowLog ec2.FlowLog
 	cloudwatchLogGroupResourceName := "aws_cloudwatch_log_group.test"
@@ -406,3 +438,56 @@ resource "aws_flow_log" "test" {
 }
 `, rName, rName, rName)
 }
+func testAccFlowLogConfig_LogFormat(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+  cidr_block = "10.0.0.0/16"
+
+  tags = {
+    Name = %q
+  }
+}
+
+resource "aws_iam_role" "test" {
+  name = %q
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": [
+          "ec2.amazonaws.com"
+        ]
+      },
+      "Action": [
+        "sts:AssumeRole"
+      ]
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_cloudwatch_log_group" "test" {
+  name = %q
+}
+resource "aws_s3_bucket" "test" {
+	bucket        = %q
+	force_destroy = true
+  }
+  
+
+resource "aws_flow_log" "test" {
+  log_destination      = "${aws_s3_bucket.test.arn}"
+  log_destination_type = "s3"
+  iam_role_arn   = "${aws_iam_role.test.arn}"
+
+  traffic_type   = "ALL"
+  vpc_id         = "${aws_vpc.test.id}"
+  log_format     = "$${version} $${vpc-id} $${subnet-id}"
+}
+`, rName, rName, rName, rName)
+}

website/docs/r/flow_log.html.markdown

@@ -100,6 +100,7 @@ The following arguments are supported:
 * `log_group_name` - (Optional) *Deprecated:* Use `log_destination` instead. The name of the CloudWatch log group.
 * `subnet_id` - (Optional) Subnet ID to attach to
 * `vpc_id` - (Optional) VPC ID to attach to
+* `log_format` - (Optional) The fields to include in the flow log record, in the order in which they should appear.
 
 ## Attributes Reference