diff --git a/README.md b/README.md
index 0e0ecab1c..f3a8b654d 100644
--- a/README.md
+++ b/README.md
@@ -435,6 +435,7 @@ No modules.
| [flow\_log\_cloudwatch\_iam\_role\_arn](#input\_flow\_log\_cloudwatch\_iam\_role\_arn) | The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow\_log\_destination\_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided. | `string` | `""` | no |
| [flow\_log\_cloudwatch\_log\_group\_kms\_key\_id](#input\_flow\_log\_cloudwatch\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data for VPC flow logs. | `string` | `null` | no |
| [flow\_log\_cloudwatch\_log\_group\_name\_prefix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_prefix) | Specifies the name prefix of CloudWatch Log Group for VPC flow logs. | `string` | `"/aws/vpc-flow-log/"` | no |
+| [flow\_log\_cloudwatch\_log\_group\_name\_suffix](#input\_flow\_log\_cloudwatch\_log\_group\_name\_suffix) | Specifies the name suffix of CloudWatch Log Group for VPC flow logs. | `string` | `""` | no |
| [flow\_log\_cloudwatch\_log\_group\_retention\_in\_days](#input\_flow\_log\_cloudwatch\_log\_group\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group for VPC flow logs. | `number` | `null` | no |
| [flow\_log\_destination\_arn](#input\_flow\_log\_destination\_arn) | The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create\_flow\_log\_cloudwatch\_log\_group is set to false this argument must be provided. | `string` | `""` | no |
| [flow\_log\_destination\_type](#input\_flow\_log\_destination\_type) | Type of flow log destination. Can be s3 or cloud-watch-logs. | `string` | `"cloud-watch-logs"` | no |
diff --git a/examples/vpc-flow-logs/main.tf b/examples/vpc-flow-logs/main.tf
index 9a524e6d1..d22b4eed7 100644
--- a/examples/vpc-flow-logs/main.tf
+++ b/examples/vpc-flow-logs/main.tf
@@ -67,7 +67,10 @@ module "vpc_with_flow_logs_cloudwatch_logs_default" {
enable_flow_log = true
create_flow_log_cloudwatch_log_group = true
create_flow_log_cloudwatch_iam_role = true
- flow_log_max_aggregation_interval = 60
+
+ flow_log_max_aggregation_interval = 60
+ flow_log_cloudwatch_log_group_name_prefix = "/aws/my-amazing-vpc-flow-logz/"
+ flow_log_cloudwatch_log_group_name_suffix = "my-test"
vpc_flow_log_tags = local.tags
}
diff --git a/variables.tf b/variables.tf
index 7df9f4a29..e6561ef73 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1167,6 +1167,12 @@ variable "flow_log_cloudwatch_log_group_name_prefix" {
default = "/aws/vpc-flow-log/"
}
+variable "flow_log_cloudwatch_log_group_name_suffix" {
+ description = "Specifies the name suffix of CloudWatch Log Group for VPC flow logs."
+ type = string
+ default = ""
+}
+
variable "flow_log_cloudwatch_log_group_retention_in_days" {
description = "Specifies the number of days you want to retain log events in the specified log group for VPC flow logs."
type = number
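Review bot: The description of `flow_log_cloudwatch_log_group_name_suffix` does not say what the default `""` means. The locals in vpc-flow-logs.tf substitute the VPC ID when the value is empty, which a reader of the variable or the README table cannot tell. I would write `description = "Specifies the name suffix of CloudWatch Log Group for VPC flow logs. Defaults to the VPC ID when left empty."` and regenerate the README row from it. The next variable block continues outside the hunk.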
diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf
index 830c73c86..ac9f25758 100644
--- a/vpc-flow-logs.tf
+++ b/vpc-flow-logs.tf
@@ -5,8 +5,9 @@ locals {
create_flow_log_cloudwatch_iam_role = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_iam_role
create_flow_log_cloudwatch_log_group = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_log_group
- flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? try(aws_cloudwatch_log_group.flow_log[0].arn, null) : var.flow_log_destination_arn
- flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? try(aws_iam_role.vpc_flow_log_cloudwatch[0].arn, null) : var.flow_log_cloudwatch_iam_role_arn
+ flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? try(aws_cloudwatch_log_group.flow_log[0].arn, null) : var.flow_log_destination_arn
+ flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? try(aws_iam_role.vpc_flow_log_cloudwatch[0].arn, null) : var.flow_log_cloudwatch_iam_role_arn
+ flow_log_cloudwatch_log_group_name_suffix = var.flow_log_cloudwatch_log_group_name_suffix == "" ? local.vpc_id : var.flow_log_cloudwatch_log_group_name_suffix
}
################################################################################
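Review bot: The new `flow_log_cloudwatch_log_group_name_suffix` local only falls back to `local.vpc_id` for `""`, so an explicit `null` passes through unchanged. The variable is declared without `nullable = false`, and a caller forwarding an optional value can therefore hand in `null`, which would then reach the `name` interpolation on the log group and fail there. `flow_log_cloudwatch_log_group_name_suffix = coalesce(var.flow_log_cloudwatch_log_group_name_suffix, local.vpc_id)` covers both the empty and the null case in one expression. Alternatively, add `nullable = false` to the variable.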
@@ -44,7 +45,7 @@ resource "aws_flow_log" "this" {
resource "aws_cloudwatch_log_group" "flow_log" {
count = local.create_flow_log_cloudwatch_log_group ? 1 : 0
- name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.vpc_id}"
+ name = "${var.flow_log_cloudwatch_log_group_name_prefix}${local.flow_log_cloudwatch_log_group_name_suffix}"
retention_in_days = var.flow_log_cloudwatch_log_group_retention_in_days
kms_key_id = var.flow_log_cloudwatch_log_group_kms_key_id
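Review bot: With a caller-supplied suffix, the `name` of `aws_cloudwatch_log_group.flow_log` no longer necessarily contains the VPC ID, so it is no longer guaranteed to be unique per VPC. Two instances of the module in one account and region with the same prefix and suffix would target the same log group name. Anything that selects flow-log groups by the old `<prefix><vpc-id>` pattern (IAM resource ARNs, subscription or metric filters, none of which are visible here) should be checked against the new naming. I would add a comment above the line such as `# A custom suffix replaces the VPC ID; prefix + suffix must stay unique per VPC within an account and region`. The resource body continues outside the hunk.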