Merge branch 'elb-logs-to-s3' into 'master'

Elb logs to s3 See merge request !3

Merge branch 'elb-logs-to-s3' into 'master'
Elb logs to s3 See merge request !3
487e5be1 · Adrian Horrocks · 3a4f81b5 · 8f11e255 · 487e5be1 · 487e5be1
Commit 487e5be1 authored Aug 14, 2018 by Adrian Horrocks
Show whitespace changes
Inline Side-by-side

Showing with 54 additions and 1 deletion

README.md README.md +1 -1

main.tf main.tf +53 -0

No files found.
--- a/README.md
+++ b/README.md
--- a/main.tf
+++ b/main.tf
@@ -67,6 +67,14 @@ variable "health_check_interval" {
  default = "30"
 }

+variable "logs_enabled" {
+  default = "false"
+}
+
+variable "logs_interval" {
+  default = "5"
+}
+
 #############################################################################################################
 # Security Group
 #############################################################################################################
@@ -129,6 +137,12 @@ resource "aws_elb" "main" {
    instance_protocol = "${var.service_protocol}"
  }

+  access_logs {
+    enabled  = "${var.logs_enabled}"
+    bucket   = "${var.name}-${random_string.bucket_name.result}-elb-logs"
+    interval = "${var.logs_interval}"
+  }
+
  health_check {
    healthy_threshold   = "${var.health_check_healthy_threshold}"
    unhealthy_threshold = "${var.health_check_unhealthy_threshold}"
@@ -138,6 +152,45 @@ resource "aws_elb" "main" {
  }
 }

+
+#############################################################################################################
+# S3 Bucket for Log Exports
+#############################################################################################################
+resource "random_string" "bucket_name" {
+  length  = 8
+  special = false
+  upper   = false
+}
+
+data "aws_elb_service_account" "main" {}
+
+resource "aws_s3_bucket" "elb_logs" {
+  count = "${var.logs_enabled == "true" ? 1 : 0}"
+  bucket = "${var.name}-${random_string.bucket_name.result}-elb-logs"
+  acl    = "private"
+
+  policy = <<POLICY
+{
+  "Id": "Policy",
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "s3:PutObject"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::${var.name}-${random_string.bucket_name.result}-elb-logs/AWSLogs/*",
+      "Principal": {
+        "AWS": [
+          "${data.aws_elb_service_account.main.arn}"
+        ]
+      }
+    }
+  ]
+}
+POLICY
+}
+
 #############################################################################################################
 # Outputs
 #############################################################################################################