From 5069fd29f9dd813481cfde5d56bc1361bb1a3a04 Mon Sep 17 00:00:00 2001
From: alphad05
Date: Tue, 11 Feb 2020 20:55:30 -0800
Subject: [PATCH] Associate VPCFlowLog with VPC

Associate VPCFlowLow with the VPC it is for to ensure accurate check. If there are multiple VPCs in a region and only some have VPC flow logs, current check will pass all VPCs even those without VPC flow logs.
---
 checks/check29 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/checks/check29 b/checks/check29
index c92542b0..d1f23dc8 100644
--- a/checks/check29
+++ b/checks/check29
@@ -19,13 +19,13 @@ check29(){
 for regx in $REGIONS; do
 AVAILABLE_VPC=$($AWSCLI ec2 describe-vpcs $PROFILE_OPT --region $regx --query 'Vpcs[?State==`available`].VpcId' --output text)
 for vpcx in $AVAILABLE_VPC; do
-CHECK_FL=$($AWSCLI ec2 describe-flow-logs $PROFILE_OPT --region $regx --query 'FlowLogs[?FlowLogStatus==`ACTIVE`||ResourceId==`${vpcx}`].FlowLogId' --output text)
+CHECK_FL=$($AWSCLI ec2 describe-flow-logs $PROFILE_OPT --region $regx --filter Name="resource-id",Values="${vpcx}" --query 'FlowLogs[?FlowLogStatus==`ACTIVE`].FlowLogId' --output text)
 if [[ $CHECK_FL ]];then
 for FL in $CHECK_FL;do
-textPass "VPCFlowLog is enabled for LogGroupName: $FL in Region $regx" "$regx"
+textPass "VPC $vpcx: VPCFlowLog is enabled for LogGroupName: $FL in Region $regx" "$regx"
 done
 else
-textFail "No VPCFlowLog has been found in Region $regx" "$regx"
+textFail "VPC $vpcx: No VPCFlowLog has been found in Region $regx" "$regx"
 fi
 done
 done
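Review bot: The rewritten textPass line still labels `$FL` as a "LogGroupName", but the query on the new CHECK_FL line projects `.FlowLogId`, so the report names the wrong field; `textPass "VPC $vpcx: VPCFlowLog is enabled with FlowLogId: $FL in Region $regx" "$regx"` would match what is actually printed. On the same CHECK_FL line, `--filter` is not the documented parameter name for `aws ec2 describe-flow-logs` (that is `--filters`); it appears to rely on CLI prefix abbreviation, which is fragile across CLI versions, so spelling it out as `--filters Name=resource-id,Values="${vpcx}"` is safer. Separately, if that describe-flow-logs call fails (for example a permission denial), CHECK_FL is empty and the VPC is reported with the same textFail as a VPC that genuinely has no flow log, which makes the finding indistinguishable from a collection error; checking the command's exit status before the `if [[ $CHECK_FL ]]` test would keep the two cases apart. The enclosing check29 function opens before this hunk and its closing brace is outside it.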