diff --git a/vpc-production.tf b/vpc-production.tf
index b5cdee9..0f68c6d 100644
--- a/vpc-production.tf
+++ b/vpc-production.tf
@@ -1,32 +1,47 @@
+#********************************************************************************************
+# Variables
+
+# Region
 variable "aws_region" {
 default = "eu-north-1"
 }
+# Environment
 variable "environment" {
 default = "Production"
 }
+# Plan d'adresse
 variable "vpc_cidr" {
 default = "10.0.0.0/16"
-  description = "CIDR block of the vpc"
+  description = "Bloc CIDR du VPC"
 }
+# Réseau public
 variable "public_subnets_cidr" {
 type = list(any)
 default = ["10.0.0.0/20", "10.0.32.0/20", "10.0.64.0/20"]
-  description = "CIDR block for Public Subnet"
+  description = "Bloc CIDR pour sous-réseau Public"
 }
+# Réseau privée
 variable "private_subnets_cidr" {
 type = list(any)
 default = ["10.0.16.0/20", "10.0.48.0/20", "10.0.80.0/20"]
-  description = "CIDR block for Private Subnet"
+  description = "Bloc CIDR pour sous-réseau Privée"
 }
+#********************************************************************************************
+# Data
+
+#
 locals {
 availability_zones = ["${var.aws_region}a", "${var.aws_region}b", "${var.aws_region}c"]
 }
+#********************************************************************************************
+# resource
+
 # VPC
 resource "aws_vpc" "default" {
 cidr_block = "10.0.0.0/16"
@@ -40,7 +55,7 @@ resource "aws_vpc" "default" {
 }
 }
-# Public subnet
+# Sous-Réseau Public
 resource "aws_subnet" "public_subnet" {
 vpc_id = aws_vpc.default.id
@@ -55,7 +70,7 @@ resource "aws_subnet" "public_subnet" {
 }
 }
-# Private Subnet
+# Sous-Réseau Privée
 resource "aws_subnet" "private_subnet" {
 vpc_id = aws_vpc.default.id
@@ -70,7 +85,7 @@ resource "aws_subnet" "private_subnet" {
 }
 }
-#Internet gateway
+#Internet Gateway
 resource "aws_internet_gateway" "default-internet-gw" {
 vpc_id = aws_vpc.default.id
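Review bot: `aws_vpc.default` still hard-codes `cidr_block = "10.0.0.0/16"` while the same hunk documents `var.vpc_cidr` under `# Plan d'adresse` with that exact default, so the variable is never consumed and overriding it would leave the VPC and the subnet defaults out of sync; use `cidr_block = var.vpc_cidr`. `public_subnets_cidr` and `private_subnets_cidr` are typed `list(any)` although both only ever hold CIDR strings, so `type = list(string)` lets Terraform reject non-string input at plan time. The new `# Data` section header is followed by a bare `#` above `locals`; either say what the block derives, e.g. `# Availability zones derived from var.aws_region`, or drop the empty comment. The new French comments write `Privée` for `sous-réseau`, which is masculine, whereas a later hunk uses `Privé`; one form should be used throughout. The `aws_vpc` block continues past the end of this hunk.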
@@ -82,7 +97,6 @@ resource "aws_internet_gateway" "default-internet-gw" {
 # Elastic-IP (eip) for NAT
 resource "aws_eip" "nat_eip" {
-# vpc = true
 domain = "vpc"
 depends_on = [aws_internet_gateway.default-internet-gw]
@@ -99,7 +113,7 @@ resource "aws_nat_gateway" "nat-gw" {
 }
 }
-# Routing tables to route traffic for Public Subnet
+# Tables de routage pour acheminer le trafic vers le sous-réseau Public
 resource "aws_route_table" "public" {
 vpc_id = aws_vpc.default.id
@@ -109,7 +123,7 @@ resource "aws_route_table" "public" {
 }
 }
-# Routing tables to route traffic for Private Subnet
+# Tables de routage pour acheminer le trafic vers le sous-réseau Privé
 resource "aws_route_table" "private" {
 vpc_id = aws_vpc.default.id
@@ -119,7 +133,7 @@ resource "aws_route_table" "private" {
 }
 }
-# Route for Internet Gateway
+# Route pour la passerelle Internet
 resource "aws_route" "public_internet_gateway" {
 route_table_id = aws_route_table.public.id
@@ -127,7 +141,7 @@ resource "aws_route" "public_internet_gateway" {
 gateway_id = aws_internet_gateway.default-internet-gw.id
 }
-# Route for NAT Gateway
+# Route pour la passerelle NAT
 resource "aws_route" "private_internet_gateway" {
 route_table_id = aws_route_table.private.id
@@ -135,15 +149,73 @@ resource "aws_route" "private_internet_gateway" {
 gateway_id = aws_nat_gateway.nat-gw.id
 }
-# Route table associations for both Public subnet
+# Associations de tables de routage pour les deux sous-réseaux Publics
 resource "aws_route_table_association" "public" {
 count = length(var.public_subnets_cidr)
 subnet_id = element(aws_subnet.public_subnet.*.id, count.index)
 route_table_id = aws_route_table.public.id
 }
+# Associations de tables de routage pour les deux sous-réseaux Privée
 resource "aws_route_table_association" "private" {
 count = length(var.private_subnets_cidr)
 subnet_id = element(aws_subnet.private_subnet.*.id, count.index)
 route_table_id = aws_route_table.private.id
 }
+
+#********************************************************************************************
+# resource de securité
+
+#
+resource "aws_flow_log" "vpc_flow_logs" {
+ vpc_id = aws_vpc.default.id
+
+ iam_role_arn = aws_iam_role.flow_logs_role.arn
+ log_destination = aws_cloudwatch_log_group.vpc_log_group.arn
+ traffic_type = "ALL"
+}
+
+#
+resource "aws_cloudwatch_log_group" "vpc_log_group" {
+ name = var.log_group_name
+}
+
+#
+resource "aws_iam_role" "flow_logs_role" {
+ name = "flow-logs-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2024-12-31"
+ Statement = {
+ Effect = "Allow"
+ Principal = {
+ Service = "vpc-flow-logs.amazonaws.com"
+ }
+ Action = "sts:AssumeRole"
+ }
+ })
+}
+
+#
+resource "aws_iam_role_policy" "create_log_group_policy" {
+ name = "allow-log-group-policy"
+ role = aws_iam_role.flow_logs_role.name
+
+ policy = jsonencode({
+ Version = "2024-12-31"
+ Statement = [
+ {
+ Action = [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:DescribeLogStreams"
+ ],
+ Effect = "Allow",
+ Resource = [
+ "*"
+ ]
+ }
+ ]
+ })
+}
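Review bot: `Version = "2024-12-31"` in both `jsonencode()` policy documents is not a recognised IAM policy-language version (AWS accepts only `2012-10-17` and the legacy `2008-10-17`), so creating `aws_iam_role.flow_logs_role` and `aws_iam_role_policy.create_log_group_policy` will fail at apply time; both lines should read `Version = "2012-10-17"`. The inline policy then grants the four `logs:` actions on `Resource = ["*"]` even though the only destination is the log group declared in this same hunk, so it can be narrowed to `Resource = ["${aws_cloudwatch_log_group.vpc_log_group.arn}:*"]`, and `logs:CreateLogGroup` is not needed because Terraform creates the group itself. `aws_cloudwatch_log_group.vpc_log_group` sets no `retention_in_days`, so flow-log data accumulates indefinitely; set an explicit retention that matches the retention policy for production network logs. `var.log_group_name` is referenced but not declared among the variables added at the top of this diff, so it presumably lives in another file — worth confirming before apply. The four bare `#` lines above the new resources should say what each resource is for, e.g. `# VPC Flow Logs: capture ALL traffic for the production VPC into CloudWatch`.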