From e1e43d979d5b80cd6556176c8c3eb1689a2e856b Mon Sep 17 00:00:00 2001
From: Daniel Klein
Date: Wed, 4 Sep 2024 13:12:20 -0500
Subject: [PATCH] account for cases when we are using an existing cloudwatch log group

---
 vpc-flow-logs.tf | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf
index d44cd4d75..b664322e6 100644
--- a/vpc-flow-logs.tf
+++ b/vpc-flow-logs.tf
@@ -17,16 +17,22 @@ locals {
   # Only create flow log if user selected to create a VPC as well
   enable_flow_log = var.create_vpc && var.enable_flow_log
-  create_flow_log_cloudwatch_iam_role = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_iam_role
-  create_flow_log_cloudwatch_log_group = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_log_group
+  create_flow_log_cloudwatch_iam_role = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_iam_role
+  create_flow_log_cloudwatch_log_group = local.enable_flow_log && var.flow_log_destination_type != "s3" && var.create_flow_log_cloudwatch_log_group
+  use_existing_flow_log_cloudwatch_log_group = local.enable_flow_log && var.flow_log_destination_type == "cloud-watch-logs" && !var.create_flow_log_cloudwatch_log_group
   flow_log_destination_arn = local.create_flow_log_cloudwatch_log_group ? try(aws_cloudwatch_log_group.flow_log[0].arn, null) : var.flow_log_destination_arn
   flow_log_iam_role_arn = var.flow_log_destination_type != "s3" && local.create_flow_log_cloudwatch_iam_role ? try(aws_iam_role.vpc_flow_log_cloudwatch[0].arn, null) : var.flow_log_cloudwatch_iam_role_arn
   flow_log_cloudwatch_log_group_name_suffix = var.flow_log_cloudwatch_log_group_name_suffix == "" ? local.vpc_id : var.flow_log_cloudwatch_log_group_name_suffix
-  flow_log_group_arns = [
-    for log_group in aws_cloudwatch_log_group.flow_log :
-    "arn:${data.aws_partition.current[0].partition}:logs:${data.aws_region.current[0].name}:${data.aws_caller_identity.current[0].account_id}:log-group:${log_group.name}:*"
-  ]
+  flow_log_group_arns = compact(
+    concat(
+      [
+        for log_group in aws_cloudwatch_log_group.flow_log :
+        "arn:${data.aws_partition.current[0].partition}:logs:${data.aws_region.current[0].name}:${data.aws_caller_identity.current[0].account_id}:log-group:${log_group.name}:*"
+      ],
+      local.use_existing_flow_log_cloudwatch_log_group ? [var.flow_log_destination_arn] : []
+    )
+  )
 }
 ################################################################################
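Review bot: The ARN appended for an existing log group (`local.use_existing_flow_log_cloudwatch_log_group ? [var.flow_log_destination_arn] : []`) is passed through as given, while the created-group branch directly above builds `...:log-group:${log_group.name}:*`; if `flow_log_group_arns` feeds the IAM policy of the flow-log role, as its name and that `:*` pattern suggest, a caller supplying a bare log-group ARN would get a resource entry that does not cover the log streams the flow log actually writes, so the role ends up either failing at delivery or being widened by hand later. Consider normalizing it the same way, e.g. `["${trimsuffix(var.flow_log_destination_arn, ":*")}:*"]`, and guarding it with `var.flow_log_destination_arn != ""` so an unset ARN still yields an empty list rather than a bare `:*` (`compact()` only drops empty strings and nulls, not that). Separately, the new local tests `== "cloud-watch-logs"` whereas its two siblings test `!= "s3"`; either align the conditions or add a one-line comment such as `# Only a CloudWatch destination can reuse a caller-supplied log group; other non-S3 destinations are neither created nor reused here` so the asymmetry reads as intentional. The enclosing `locals` block opens before the hunk.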