Hi There
I went through the workflow in the attached document.
I understand that you want to move from VPCFlow -> Cloudwatch Logs- > Lambda -> Splunk to VPCFlow -> S3
However, I find one thing confusing, in the diagram i.e.
If Flow Log exists then why do you want to delete the flow log after setting the expiry (for both S3 & CldWatch)?
Is it because you want all your existing Flow Logs to be mapped to only the new S3 bucket created by this script?
Also, it wasn't clear in the document if you want to visualize the S3 FlowLogs with Splunk or do you want to use AWS Athena?
Besides, I can finish this within a single day for sure.
Cheers
Jay