From 07dc101179fa2d1649cd987e3d8f3d269db546b8 Mon Sep 17 00:00:00 2001
From: K3ndu <37668739+K3ndu@users.noreply.github.com>
Date: Sun, 2 Oct 2022 03:20:59 +0300
Subject: [PATCH] feat: make audit log bucket access logs bucket name customizable (#303)
* Make audit log bucket access logs bucket name customizable
* docs: run terraform-docs
Co-authored-by: Kendi Paet
Co-authored-by: nozaq
---
 README.md | 1 +
 bucket.tf | 2 +-
 variables.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index fc3389cf..55b5c742 100644
--- a/README.md
+++ b/README.md
@@ -142,6 +142,7 @@ This module is composed of several submodules and each of which can be used inde
 | [allow\_users\_to\_change\_password](#input\_allow\_users\_to\_change\_password) | Whether to allow users to change their own password. | `bool` | no |
 | [analyzer\_baseline\_enabled](#input\_analyzer\_baseline\_enabled) | Boolean whether analyzer-baseline is enabled. | `bool` | no |
 | [analyzer\_name](#input\_analyzer\_name) | The name for the IAM Access Analyzer resource to be created. | `string` | no |
+| [audit\_log\_bucket\_access\_logs\_name](#input\_audit\_log\_bucket\_access\_logs\_name) | The name of the S3 bucket to store various audit logs. | `string` | no |
 | [audit\_log\_bucket\_custom\_policy\_json](#input\_audit\_log\_bucket\_custom\_policy\_json) | Override policy for the audit log bucket. Allows addition of extra policies. | `string` | no |
 | [audit\_log\_bucket\_force\_destroy](#input\_audit\_log\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the audit log bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | no |
 | [audit\_log\_bucket\_key\_enabled](#input\_audit\_log\_bucket\_key\_enabled) | Whether or not to use Amazon S3 Bucket Keys for encrypting the audit log bucket. | `bool` | no |
diff --git a/bucket.tf b/bucket.tf
index 2c6f30ef..5d92b3d9 100644
--- a/bucket.tf
+++ b/bucket.tf
@@ -36,7 +36,7 @@ module "audit_log_bucket" {
 bucket_name = var.audit_log_bucket_name
 bucket_key_enabled = var.audit_log_bucket_key_enabled
- log_bucket_name = "${var.audit_log_bucket_name}-access-logs"
+ log_bucket_name = var.audit_log_bucket_access_logs_name != "" ? var.audit_log_bucket_access_logs_name : "${var.audit_log_bucket_name}-access-logs"
 lifecycle_glacier_transition_days = var.audit_log_lifecycle_glacier_transition_days
 force_destroy = var.audit_log_bucket_force_destroy
diff --git a/variables.tf b/variables.tf
index 4e7df2c7..a942f3c9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -79,6 +79,12 @@ variable "audit_log_bucket_name" {
 type = string
 }
+variable "audit_log_bucket_access_logs_name" {
+ description = "The name of the S3 bucket to store various audit logs."
+ type = string
+ default = ""
+}
+
 variable "audit_log_bucket_custom_policy_json" {
 description = "Override policy for the audit log bucket. Allows addition of extra policies."
 type = string
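Review bot: An explicit `null` passed for `audit_log_bucket_access_logs_name` is not caught by the `!= ""` test on the new `log_bucket_name` line, so `null` would be forwarded to the submodule instead of the `-access-logs` default. `coalesce()` skips both null and empty strings, so the line can read `log_bucket_name = coalesce(var.audit_log_bucket_access_logs_name, "${var.audit_log_bucket_name}-access-logs")`. Nothing visible here stops the override from equalling `var.audit_log_bucket_name`; assuming the submodule creates both buckets, that would collide, so the constraint is worth documenting or checking. The `module "audit_log_bucket"` block starts and ends outside the hunk.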
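Review bot: The description on the new `audit_log_bucket_access_logs_name` variable is copied from `audit_log_bucket_name` and describes the wrong bucket, which makes it easy to set the access-log destination to an unintended name. Suggested: `description = "The name of the S3 bucket that stores access logs for the audit log bucket. Defaults to \"<audit_log_bucket_name>-access-logs\" when empty."` The README row generated by terraform-docs repeats the same text and should be regenerated after the change.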