diff --git a/README.md b/README.md
index e786da3..5c96638 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,7 @@ No modules.
 | [aws_ecs_cluster.agentless_scan_ecs_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster) | resource |
 | [aws_ecs_cluster_capacity_providers.agentless_scan_capacity_providers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster_capacity_providers) | resource |
 | [aws_ecs_task_definition.agentless_scan_task_definition](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
+| [aws_flow_log.agentless_scan_vpc_flow_log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/flow_log) | resource |
 | [aws_iam_policy.agentless_scan_task_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.agentless_scan_cross_account_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role.agentless_scan_ecs_event_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
diff --git a/main.tf b/main.tf
index 9cd365a..32c011a 100644
--- a/main.tf
+++ b/main.tf
@@ -904,6 +904,18 @@ resource "aws_vpc" "agentless_scan_vpc" {
 })
 }
 
+resource "aws_flow_log" "agentless_scan_vpc_flow_log" {
+ count = var.regional && !var.use_existing_vpc ? 1 : 0
+ vpc_id = local.vpc_id
+ traffic_type = "REJECT"
+
+ tags = merge(var.tags, {
+ Name = "${local.prefix}-vpc"
+ LWTAG_SIDEKICK = "1"
+ LWTAG_LACEWORK_AGENTLESS = "1"
+ })
+}
+
 resource "aws_default_network_acl" "default" {
 count = var.regional && !var.use_existing_vpc ? 1 : 0
 default_network_acl_id = aws_vpc.agentless_scan_vpc[0].default_network_acl_id
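Review bot: The new `aws_flow_log` block in main.tf sets no delivery target: there is no `log_destination` (with `log_destination_type`) and no `iam_role_arn`, and the block is complete within this hunk, so nothing else supplies them. With the provider's default destination type of CloudWatch Logs, the flow log needs both a log group and a delivery role, so this will most likely fail at apply or deliver nothing; add e.g. `log_destination_type = "s3"` and `log_destination = <ARN of the log bucket>` (placeholder), or a log group ARN plus `iam_role_arn`. Separately, `traffic_type = "REJECT"` keeps only denied flows, so accepted outbound connections from the scanner tasks leave no record for an investigation; `traffic_type = "ALL"` covers both if the log volume is acceptable. The `Name` tag reuses `${local.prefix}-vpc`, which is presumably the VPC's own name; something like `"${local.prefix}-vpc-flow-log"` would tell the two apart.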