Skip to content

Resource: aws_ec2_traffic_mirror_session#

Manages a traffic mirror session. For details about traffic mirroring, see the user documentation.

Example Usage#

To create a basic traffic mirror session, use:

variable ami {}
variable instance_type {}

data "aws_availability_zones" "azs" {
  state = "available"
}

resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "sub1" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = "10.0.0.0/24"
  availability_zone = data.aws_availability_zones.azs.names[0]
}

resource "aws_instance" "dst" {
  ami           = var.ami
  instance_type = var.instance_type
  subnet_id     = aws_subnet.sub1.id
}

resource "aws_instance" "src" {
  ami           = var.ami
  instance_type = var.instance_type
  subnet_id     = aws_subnet.sub1.id
}

resource "aws_ec2_traffic_mirror_filter" "filter" {
  description = "traffic mirror filter - terraform example"
}

resource "aws_ec2_traffic_mirror_target" "target" {
  description          = "ENI target"
  network_interface_id = aws_instance.dst.primary_network_interface_id
}

resource "aws_ec2_traffic_mirror_session" "session" {
  description              = "traffic mirror session - terraform example"
  network_interface_id     = aws_instance.src.primary_network_interface_id
  session_number           = 1
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.filter.id
  traffic_mirror_target_id = aws_ec2_traffic_mirror_target.target.id
}

Argument Reference#

The following arguments are supported:

  • network_interface_id - (Required, Forces new resource) ID of the source network interface.
  • session_number - (Required, Editable) The session number determines the order in which sessions are evaluated when the interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.
  • traffic_mirror_filter_id - (Required, Editable) ID of the traffic mirror filter to be used.
  • traffic_mirror_target_id - (Required, Editable) ID of the traffic mirror target to be used.
  • description - (Optional, Editable) Description of the traffic mirror session.
  • tags - (Optional, Editable) Map of tags to assign to the traffic mirror session. If a provider default_tags configuration block is used, tags with matching keys will overwrite those defined at the provider level.

Attribute Reference#

In addition to all arguments above, the following attributes are exported:

  • arn - The Amazon Resource Name (ARN) of the traffic mirror session.
  • id - The ID of the traffic mirror session.
  • owner_id - The ID of the project that owns the traffic mirror session.
  • tags_all - Map of tags assigned to the traffic mirror session, including those inherited from the provider default_tags configuration block.

Import#

In Terraform v1.5.0 or later, traffic mirror session can be imported by id using the import block.

import {
  to = aws_ec2_traffic_mirror_session.session
  id = "tms-12345678"
}

In older Terraform versions, the traffic mirror session can be imported by its id using terraform import, e.g.:

% terraform import aws_ec2_traffic_mirror_session.session tms-12345678