-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #55 from tablexi/va-support-access-logs-for-applic…
…ation-load-balancers Support access logs in application_load_balancer module
- Loading branch information
Showing
8 changed files
with
673 additions
and
320 deletions.
There are no files selected for viewing
829 changes: 518 additions & 311 deletions
829
aws/application_load_balancer/__examples__/.planshots.txt
Large diffs are not rendered by default.
Oops, something went wrong.
14 changes: 14 additions & 0 deletions
14
aws/application_load_balancer/__examples__/with_access_logs.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
module "initech_production_load_balancer" { | ||
source = "../" | ||
|
||
environment = "production" | ||
name = "initech" | ||
|
||
access_logs_enabled = true | ||
certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012" | ||
instances = ["i-09731747ba5296355", "i-0354a7616ba0dc1af"] | ||
instances_count = 2 | ||
security_group_for_instances = "sg-c94a8777" | ||
subnets = ["subnet-6fbdeeb3", "subnet-9ce530b1"] | ||
vpc_id = "vpc-eed63643" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
locals { | ||
# https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions | ||
elastic_load_balancing_account_ids = { | ||
ap-northeast-1 = "582318560864" | ||
ap-northeast-2 = "600734575887" | ||
ap-northeast-3 = "383597477331" | ||
ap-south-1 = "718504428378" | ||
ap-southeast-1 = "114774131450" | ||
ap-southeast-2 = "783225319266" | ||
ca-central-1 = "985666609251" | ||
eu-central-1 = "054676820928" | ||
eu-west-1 = "156460612806" | ||
eu-west-2 = "652711504416" | ||
eu-west-3 = "009996457667" | ||
sa-east-1 = "507241528517" | ||
us-east-1 = "127311923021" | ||
us-east-2 = "033677994240" | ||
us-west-1 = "027434742980" | ||
us-west-2 = "797873946194" | ||
} | ||
|
||
access_logs_glacier_transition_days = 365 | ||
} | ||
|
||
resource "aws_alb" "load_balancer" { | ||
count = "${var.access_logs_enabled ? 0 : 1}" | ||
name = "${var.name}" | ||
internal = "${var.internal}" | ||
security_groups = ["${var.security_groups}"] | ||
subnets = ["${var.subnets}"] | ||
} | ||
|
||
resource "aws_alb" "load_balancer_with_access_logs" { | ||
count = "${var.access_logs_enabled ? 1 : 0}" | ||
name = "${var.name}" | ||
internal = "${var.internal}" | ||
security_groups = ["${var.security_groups}"] | ||
subnets = ["${var.subnets}"] | ||
|
||
access_logs { | ||
bucket = "${aws_s3_bucket.load_balancer_access_logs.id}" | ||
enabled = true | ||
} | ||
} | ||
|
||
data "aws_caller_identity" "aws_account" { | ||
count = "${var.access_logs_enabled ? 1 : 0}" | ||
} | ||
|
||
resource "aws_s3_bucket" "load_balancer_access_logs" { | ||
bucket = "${var.name}-logs" | ||
count = "${var.access_logs_enabled ? 1 : 0}" | ||
|
||
lifecycle_rule { | ||
enabled = true | ||
|
||
transition { | ||
days = "${local.access_logs_glacier_transition_days}" | ||
storage_class = "GLACIER" | ||
} | ||
} | ||
} | ||
|
||
resource "aws_s3_bucket_policy" "load_balancer_access_logs" { | ||
bucket = "${aws_s3_bucket.load_balancer_access_logs.id}" | ||
count = "${var.access_logs_enabled ? 1 : 0}" | ||
|
||
policy = <<-JSON | ||
{ | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Action": [ | ||
"s3:PutObject" | ||
], | ||
"Effect": "Allow", | ||
"Resource": "${aws_s3_bucket.load_balancer_access_logs.arn}/AWSLogs/${data.aws_caller_identity.aws_account.account_id}/*", | ||
"Principal": { | ||
"AWS": [ | ||
"arn:aws:iam::${lookup(local.elastic_load_balancing_account_ids, aws_s3_bucket.load_balancer_access_logs.region)}:root" | ||
] | ||
} | ||
} | ||
] | ||
} | ||
JSON | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
output "arn" { | ||
value = "${element(coalescelist(aws_alb.load_balancer.*.arn, aws_alb.load_balancer_with_access_logs.*.arn), 0)}" | ||
} | ||
|
||
output "dns_name" { | ||
value = "${element(coalescelist(aws_alb.load_balancer.*.dns_name, aws_alb.load_balancer_with_access_logs.*.dns_name), 0)}" | ||
} | ||
|
||
output "zone_id" { | ||
value = "${element(coalescelist(aws_alb.load_balancer.*.zone_id, aws_alb.load_balancer_with_access_logs.*.zone_id), 0)}" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
variable "name" { | ||
description = "(Required) The name of this load balancer." | ||
type = "string" | ||
} | ||
|
||
variable "security_groups" { | ||
description = "(Required) A list of security group IDs to attach to the load balancer." | ||
type = "list" | ||
} | ||
|
||
variable "subnets" { | ||
description = "(Required) A list of subnet IDs to attach to the load balancer." | ||
type = "list" | ||
} | ||
|
||
variable "access_logs_enabled" { | ||
description = "(Optional) Boolean to enable / disable access_logs. Defaults to false." | ||
default = false | ||
} | ||
|
||
variable "internal" { | ||
description = "(Optional) If true, the LB will be internal. Default false." | ||
default = false | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
output "dns_name" { | ||
value = "${aws_alb.load_balancer.dns_name}" | ||
value = "${module.load_balancer.dns_name}" | ||
} | ||
|
||
output "zone_id" { | ||
value = "${aws_alb.load_balancer.zone_id}" | ||
value = "${module.load_balancer.zone_id}" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters