Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support access logs in application_load_balancer module #55

Merged
merged 4 commits into from
May 16, 2018
Merged

Support access logs in application_load_balancer module #55

merged 4 commits into from
May 16, 2018

Conversation

vandrijevik
Copy link
Contributor

This PR supports enabling access logs for an application load balancer. Doing so creates an S3 bucket with the appropriate permissions and a rule to move logs to Glacier after 365 days, and configures the load balancer to logs to this S3 bucket.

Given that Terraform’s access_logs blocks requires a bucket even if logging is disabled, I had to jump through a couple of hoops to make sure that this module can be used both with and without logging: I create a load balancer without logging, or one with logging based on the variable access_logs_enabled, because even when access logs are disabled, the API call to AWS fails if the access logs bucket is not properly configured (and we should not create an empty S3 bucket just for this case).

The Hashicorp-blessed aws-alb module went through the same pains, and if you’re interested you can read about them here.

@vandrijevik vandrijevik force-pushed the va-support-access-logs-for-application-load-balancers branch from bf8a63b to 5f1d626 Compare May 15, 2018 11:57
@vandrijevik vandrijevik force-pushed the va-support-access-logs-for-application-load-balancers branch from c42361a to 923cdad Compare May 15, 2018 11:59
@vandrijevik
Copy link
Contributor Author

The failures ☝️ are not related to this PR at all, and result from Amazon releasing new AMIs, and our code automatically getting the latest version. I will address those separately.

@vandrijevik vandrijevik mentioned this pull request May 15, 2018
Merged
pturley
pturley previously approved these changes May 15, 2018
View reviewed changes
@vandrijevik vandrijevik force-pushed the va-support-access-logs-for-application-load-balancers branch 2 times, most recently from ae243fb to 0c7c995 Compare May 16, 2018 10:44
@vandrijevik
Use ARN instead of account ID in S3 policy’s Principal
1b68eee 
Due to a Terraform bug (hashicorp/terraform#4948), if Principal is set to an account id, Terraform always reports the resource as if it needs changing (because the AWS API accepts the value, but turns it into an ARN).
@vandrijevik vandrijevik force-pushed the va-support-access-logs-for-application-load-balancers branch from 0c7c995 to 1b68eee Compare May 16, 2018 10:47
@vandrijevik vandrijevik merged commit f6c5976 into master May 16, 2018
@vandrijevik vandrijevik deleted the va-support-access-logs-for-application-load-balancers branch May 16, 2018 11:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fedekau fedekau fedekau approved these changes

@pturley pturley pturley left review comments

@phoolish phoolish Awaiting requested review from phoolish

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vandrijevik @pturley @fedekau