feat: make audit log bucket access logs bucket name customizable (#303)
* Make audit log bucket access logs bucket name customizable

* docs: run terraform-docs

Co-authored-by: Kendi Paet <kendi@tavex.eu>
Co-authored-by: nozaq <code@nozaq.com>
3 people committed Oct 2, 2022
1 parent 99f0493 commit 07dc101
Showing 3 changed files with 8 additions and 1 deletion.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -142,6 +142,7 @@ This module is composed of several submodules and each of which can be used inde
| <a name="input_allow_users_to_change_password"></a> [allow\_users\_to\_change\_password](#input\_allow\_users\_to\_change\_password) | Whether to allow users to change their own password. | `bool` | no |
| <a name="input_analyzer_baseline_enabled"></a> [analyzer\_baseline\_enabled](#input\_analyzer\_baseline\_enabled) | Boolean whether analyzer-baseline is enabled. | `bool` | no |
| <a name="input_analyzer_name"></a> [analyzer\_name](#input\_analyzer\_name) | The name for the IAM Access Analyzer resource to be created. | `string` | no |
| <a name="input_audit_log_bucket_access_logs_name"></a> [audit\_log\_bucket\_access\_logs\_name](#input\_audit\_log\_bucket\_access\_logs\_name) | The name of the S3 bucket to store various audit logs. | `string` | no |
| <a name="input_audit_log_bucket_custom_policy_json"></a> [audit\_log\_bucket\_custom\_policy\_json](#input\_audit\_log\_bucket\_custom\_policy\_json) | Override policy for the audit log bucket. Allows addition of extra policies. | `string` | no |
| <a name="input_audit_log_bucket_force_destroy"></a> [audit\_log\_bucket\_force\_destroy](#input\_audit\_log\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the audit log bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | no |
| <a name="input_audit_log_bucket_key_enabled"></a> [audit\_log\_bucket\_key\_enabled](#input\_audit\_log\_bucket\_key\_enabled) | Whether or not to use Amazon S3 Bucket Keys for encrypting the audit log bucket. | `bool` | no |
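
Review bot: The description on the added `audit_log_bucket_access_logs_name` row reads "The name of the S3 bucket to store various audit logs.", which describes a bucket for audit logs in general rather than the bucket that receives access logs for the audit log bucket, so a reader of this table cannot tell what the input controls. This row is generated by terraform-docs, so change the description in variables.tf to something like "The name of the S3 bucket to store access logs for the audit log bucket." and regenerate the README.
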
2 changes: 1 addition & 1 deletion bucket.tf
Expand Up @@ -36,7 +36,7 @@ module "audit_log_bucket" {

bucket_name = var.audit_log_bucket_name
bucket_key_enabled = var.audit_log_bucket_key_enabled
log_bucket_name = "${var.audit_log_bucket_name}-access-logs"
log_bucket_name = var.audit_log_bucket_access_logs_name != "" ? var.audit_log_bucket_access_logs_name : "${var.audit_log_bucket_name}-access-logs"
lifecycle_glacier_transition_days = var.audit_log_lifecycle_glacier_transition_days
force_destroy = var.audit_log_bucket_force_destroy
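
Review bot: The added `log_bucket_name` expression accepts any non-empty `var.audit_log_bucket_access_logs_name`, including a value equal to `var.audit_log_bucket_name`, in which case `bucket_name` and `log_bucket_name` are passed to the module with the same value. Consider a check that compares the two names and fails at plan time, or at least document that they must differ. The empty-string fallback keeps the previous `"${var.audit_log_bucket_name}-access-logs"` value for existing callers, which is worth stating where the variable is declared.
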
6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -79,6 +79,12 @@ variable "audit_log_bucket_name" {
type = string
}

variable "audit_log_bucket_access_logs_name" {
description = "The name of the S3 bucket to store various audit logs."
type = string
default = ""
}

variable "audit_log_bucket_custom_policy_json" {
description = "Override policy for the audit log bucket. Allows addition of extra policies."
type = string
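
Review bot: `default = ""` in the new `audit_log_bucket_access_logs_name` variable acts as a sentinel, but the description never says that an empty value falls back to `"${var.audit_log_bucket_name}-access-logs"` (the expression in bucket.tf). Suggest spelling out that fallback in the description, and consider a `validation` block so that a non-empty value is checked against S3 bucket naming rules at plan time instead of failing at apply.
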