chore(ec2): support new vpc flow log fields in v7 (#30202)

### Reason for this change

VPC Flow log added several fields regarding ECS in v7.
https://aws.amazon.com/about-aws/whats-new/2024/05/amazon-vpc-flow-logs-extends-support-ecs/
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records

This change supports these fields in L2 construct.

### Description of changes

Added new log fields to `LogFormat` class.

### Description of how you validated changes

Unit test and integ test are both updated. Changes of logFormat configuration requires resource replacement, which is necessary.
It seems like that in order to enable these ecs related log fields, at least one ECS cluster is required in the VPC. So a new ECS cluster is also created in the integ test.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: clueleaf

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/FlowLogsTestStack.assets.json

@@ -531,6 +531,9 @@
     "TrafficType": "ALL"
    }
   },
+  "ECSCluster7D463CD4": {
+   "Type": "AWS::ECS::Cluster"
+  },
   "FlowLogsAllFormatCWIAMRoleAF92546B": {
    "Type": "AWS::IAM::Role",
    "Properties": {
@@ -618,7 +621,7 @@
      ]
     },
     "LogDestinationType": "cloud-watch-logs",
-    "LogFormat": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} ${vpc-id} ${subnet-id} ${instance-id} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr} ${region} ${az-id} ${sublocation-type} ${sublocation-id} ${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path}",
+    "LogFormat": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} ${vpc-id} ${subnet-id} ${instance-id} ${tcp-flags} ${type} ${pkt-srcaddr} ${pkt-dstaddr} ${region} ${az-id} ${sublocation-type} ${sublocation-id} ${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path} ${ecs-cluster-arn} ${ecs-cluster-name} ${ecs-container-instance-arn} ${ecs-container-instance-id} ${ecs-container-id} ${ecs-second-container-id} ${ecs-service-name} ${ecs-task-definition-arn} ${ecs-task-arn} ${ecs-task-id}",
     "LogGroupName": {
      "Ref": "FlowLogsAllFormatCWLogGroup3DAB6837"
     },

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/FlowLogsTestStack.template.json

@@ -1,4 +1,5 @@
 import { Bucket } from 'aws-cdk-lib/aws-s3';
+import { Cluster } from 'aws-cdk-lib/aws-ecs';
 import { App, Stack, StackProps, RemovalPolicy } from 'aws-cdk-lib';
 import { IntegTest } from '@aws-cdk/integ-tests-alpha';
 import { FlowLog, FlowLogDestination, FlowLogResourceType, Vpc, LogFormat } from 'aws-cdk-lib/aws-ec2';
@@ -19,6 +20,9 @@ class TestStack extends Stack {
         LogFormat.SRC_PORT,
       ],
     });
+
+    new Cluster(this, 'ECSCluster', { vpc });
+
     new FlowLog(this, 'FlowLogsAllFormatCW', {
       resourceType: FlowLogResourceType.fromVpc(vpc),
       logFormat: [
@@ -51,6 +55,16 @@ class TestStack extends Stack {
         LogFormat.PKT_DST_AWS_SERVICE,
         LogFormat.FLOW_DIRECTION,
         LogFormat.TRAFFIC_PATH,
+        LogFormat.ECS_CLUSTER_ARN,
+        LogFormat.ECS_CLUSTER_NAME,
+        LogFormat.ECS_CONTAINER_INSTANCE_ARN,
+        LogFormat.ECS_CONTAINER_INSTANCE_ID,
+        LogFormat.ECS_CONTAINER_ID,
+        LogFormat.ECS_SECOND_CONTAINER_ID,
+        LogFormat.ECS_SERVICE_NAME,
+        LogFormat.ECS_TASK_DEFINITION_ARN,
+        LogFormat.ECS_TASK_ARN,
+        LogFormat.ECS_TASK_ID,
       ],
     });
 

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/manifest.json

@@ -646,6 +646,58 @@ export class LogFormat {
    */
   public static readonly TRAFFIC_PATH = LogFormat.field('traffic-path');
 
+  /**
+   * AWS Resource Name (ARN) of the ECS cluster if the traffic is from a running ECS task.
+   */
+  public static readonly ECS_CLUSTER_ARN = LogFormat.field('ecs-cluster-arn');
+
+  /**
+   * Name of the ECS cluster if the traffic is from a running ECS task.
+   */
+  public static readonly ECS_CLUSTER_NAME = LogFormat.field('ecs-cluster-name');
+
+  /**
+   * ARN of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.
+   */
+  public static readonly ECS_CONTAINER_INSTANCE_ARN = LogFormat.field('ecs-container-instance-arn');
+
+  /**
+   * ID of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.
+   */
+  public static readonly ECS_CONTAINER_INSTANCE_ID = LogFormat.field('ecs-container-instance-id');
+
+  /**
+   * Docker runtime ID of the container if the traffic is from a running ECS task.
+   * If there is one container or more in the ECS task, this will be the docker runtime ID of the first container.
+   */
+  public static readonly ECS_CONTAINER_ID = LogFormat.field('ecs-container-id');
+
+  /**
+   * Docker runtime ID of the container if the traffic is from a running ECS task.
+   * If there is more than one container in the ECS task, this will be the Docker runtime ID of the second container.
+   */
+  public static readonly ECS_SECOND_CONTAINER_ID = LogFormat.field('ecs-second-container-id');
+
+  /**
+   * Name of the ECS service if the traffic is from a running ECS task and the ECS task is started by an ECS service.
+   */
+  public static readonly ECS_SERVICE_NAME = LogFormat.field('ecs-service-name');
+
+  /**
+   * ARN of the ECS task definition if the traffic is from a running ECS task.
+   */
+  public static readonly ECS_TASK_DEFINITION_ARN = LogFormat.field('ecs-task-definition-arn');
+
+  /**
+   * ARN of the ECS task if the traffic is from a running ECS task.
+   */
+  public static readonly ECS_TASK_ARN = LogFormat.field('ecs-task-arn');
+
+  /**
+   * ID of the ECS task if the traffic is from a running ECS task.
+   */
+  public static readonly ECS_TASK_ID = LogFormat.field('ecs-task-id');
+
   /**
    * The default format.
    */

packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-flow-logs-customformat.js.snapshot/tree.json

@@ -712,6 +712,16 @@ test('log format for built-in types is correct', () => {
       LogFormat.PKT_DST_AWS_SERVICE,
       LogFormat.FLOW_DIRECTION,
       LogFormat.TRAFFIC_PATH,
+      LogFormat.ECS_CLUSTER_ARN,
+      LogFormat.ECS_CLUSTER_NAME,
+      LogFormat.ECS_CONTAINER_INSTANCE_ARN,
+      LogFormat.ECS_CONTAINER_INSTANCE_ID,
+      LogFormat.ECS_CONTAINER_ID,
+      LogFormat.ECS_SECOND_CONTAINER_ID,
+      LogFormat.ECS_SERVICE_NAME,
+      LogFormat.ECS_TASK_DEFINITION_ARN,
+      LogFormat.ECS_TASK_ARN,
+      LogFormat.ECS_TASK_ID,
     ],
   });
 
@@ -722,7 +732,10 @@ test('log format for built-in types is correct', () => {
                 + '${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status} '
                 + '${vpc-id} ${subnet-id} ${instance-id} ${tcp-flags} ${type} ${pkt-srcaddr} '
                 + '${pkt-dstaddr} ${region} ${az-id} ${sublocation-type} ${sublocation-id} '
-                + '${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path}'),
+                + '${pkt-src-aws-service} ${pkt-dst-aws-service} ${flow-direction} ${traffic-path} '
+                + '${ecs-cluster-arn} ${ecs-cluster-name} ${ecs-container-instance-arn} ${ecs-container-instance-id} '
+                + '${ecs-container-id} ${ecs-second-container-id} ${ecs-service-name} ${ecs-task-definition-arn} '
+                + '${ecs-task-arn} ${ecs-task-id}'),
   });
 });