Support access logs in application_load_balancer module #55
This PR supports enabling access logs for an application load balancer. Doing so creates an S3 bucket with the appropriate permissions and a rule to move logs to Glacier after 365 days, and configures the load balancer to log to this S3 bucket.
Given that Terraform’s `access_logs` block requires a bucket even if logging is disabled, I had to jump through a couple of hoops to make sure that this module can be used both with and without logging: I create a load balancer without logging, or one with logging based on the variable `access_logs_enabled`, because even when access logs are disabled, the API call to AWS fails if the access logs bucket is not properly configured (and we should not create an empty S3 bucket just for this case).
The Hashicorp-blessed `aws-alb` module went through the same pains, and if you’re interested you can read about them here.
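The conditional pattern described above, sketched as an added example (not the code from this PR): the bucket, its policy and the logging load balancer exist only when `access_logs_enabled` is true. Resource names, `var.name`, `var.subnet_ids` and the `lb_arn` output are assumptions, the Glacier lifecycle rule is left out, and the bucket policy assumes a region where ELB writes logs from the regional ELB service account.

```hcl
# Added illustration; every name below is an assumption, not taken from the PR.
variable "name" { type = string }
variable "subnet_ids" { type = list(string) }
variable "access_logs_enabled" { default = false }
data "aws_elb_service_account" "this" {}

# The bucket is created only when logging is requested (no empty bucket otherwise).
resource "aws_s3_bucket" "logs" {
  count  = var.access_logs_enabled ? 1 : 0
  bucket = "${var.name}-alb-access-logs"
}

resource "aws_s3_bucket_policy" "logs" {
  count  = var.access_logs_enabled ? 1 : 0
  bucket = aws_s3_bucket.logs[0].id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { AWS = data.aws_elb_service_account.this.arn }
      Action    = "s3:PutObject" # write-only, limited to the log prefix
      Resource  = "${aws_s3_bucket.logs[0].arn}/AWSLogs/*"
    }]
  })
}

# Variant without logging: no access_logs block, so no bucket is needed.
resource "aws_lb" "without_logs" {
  count   = var.access_logs_enabled ? 0 : 1
  name    = var.name
  subnets = var.subnet_ids
}

# Variant with logging: waits for the policy so the ELB write check succeeds.
resource "aws_lb" "with_logs" {
  count   = var.access_logs_enabled ? 1 : 0
  name    = var.name
  subnets = var.subnet_ids
  access_logs {
    bucket  = aws_s3_bucket.logs[0].id
    enabled = true
  }
  depends_on = [aws_s3_bucket_policy.logs]
}

output "lb_arn" {
  value = one(concat(aws_lb.with_logs[*].arn, aws_lb.without_logs[*].arn))
}
```

Flipping `access_logs_enabled` on an existing deployment replaces the load balancer, because the two variants are distinct resources.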