From eca204949eec3cffca6c554bb514fe89c2a65c9d Mon Sep 17 00:00:00 2001 From: magreenbaum Date: Fri, 15 Dec 2023 07:36:48 -0500 Subject: [PATCH 1/2] add connection logging --- README.md | 5 +++-- examples/complete-alb/README.md | 4 ++-- examples/complete-alb/main.tf | 7 +++++++ examples/complete-alb/versions.tf | 2 +- examples/complete-nlb/README.md | 4 ++-- examples/complete-nlb/versions.tf | 2 +- main.tf | 9 +++++++++ variables.tf | 6 ++++++ versions.tf | 2 +- wrappers/main.tf | 1 + 10 files changed, 33 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 9705459..f78f865 100644 --- a/README.md +++ b/README.md @@ -348,13 +348,13 @@ See [patterns.md](https://github.com/terraform-aws-modules/terraform-aws-alb/blo | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.23 | +| [aws](#requirement\_aws) | >= 5.31 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.23 | +| [aws](#provider\_aws) | >= 5.31 | ## Modules 
@@ -384,6 +384,7 @@ No modules. |------|-------------|------|---------|:--------:| | [access\_logs](#input\_access\_logs) | Map containing access logging configuration for load balancer | `map(string)` | `{}` | no | | [associate\_web\_acl](#input\_associate\_web\_acl) | Indicates whether a Web Application Firewall (WAF) ACL should be associated with the load balancer | `bool` | `false` | no | +| [connection\_logs](#input\_connection\_logs) | Map containing access logging configuration for load balancer | `map(string)` | `{}` | no | | [create](#input\_create) | Controls if resources should be created (affects nearly all resources) | `bool` | `true` | no | | [create\_security\_group](#input\_create\_security\_group) | Determines if a security group is created | `bool` | `true` | no | | [customer\_owned\_ipv4\_pool](#input\_customer\_owned\_ipv4\_pool) | The ID of the customer owned ipv4 pool to use for this load balancer | `string` | `null` | no | diff --git a/examples/complete-alb/README.md b/examples/complete-alb/README.md index 1e93422..b11c268 100644 --- a/examples/complete-alb/README.md +++ b/examples/complete-alb/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.23 | +| [aws](#requirement\_aws) | >= 5.31 | | [null](#requirement\_null) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.23 | +| [aws](#provider\_aws) | >= 5.31 | | [null](#provider\_null) | >= 2.0 | ## Modules diff --git a/examples/complete-alb/main.tf b/examples/complete-alb/main.tf index 21279f5..960082a 100644 --- a/examples/complete-alb/main.tf +++ b/examples/complete-alb/main.tf 
@@ -58,6 +58,13 @@ module "alb" { access_logs = { bucket = module.log_bucket.s3_bucket_id + prefix = "access-logs" + } + + connection_logs = { + bucket = module.log_bucket.s3_bucket_id + enabled = true + prefix = "connection-logs" } listeners = { diff --git a/examples/complete-alb/versions.tf b/examples/complete-alb/versions.tf index 7a23a05..7d29031 100644 --- a/examples/complete-alb/versions.tf +++ b/examples/complete-alb/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.23" + version = ">= 5.31" } null = { source = "hashicorp/null" diff --git a/examples/complete-nlb/README.md b/examples/complete-nlb/README.md index 3c7efe3..ecdad36 100644 --- a/examples/complete-nlb/README.md +++ b/examples/complete-nlb/README.md @@ -20,13 +20,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 5.23 | +| [aws](#requirement\_aws) | >= 5.31 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.23 | +| [aws](#provider\_aws) | >= 5.31 | ## Modules diff --git a/examples/complete-nlb/versions.tf b/examples/complete-nlb/versions.tf index a1705fa..1b260a1 100644 --- a/examples/complete-nlb/versions.tf +++ b/examples/complete-nlb/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.23" + version = ">= 5.31" } } } diff --git a/main.tf b/main.tf index e08de0f..1f2f5ba 100644 --- a/main.tf +++ b/main.tf 
@@ -22,6 +22,15 @@ resource "aws_lb" "this" { } } + dynamic "connection_logs" { + for_each = length(var.connection_logs) > 0 ? [var.connection_logs] : [] + content { + bucket = connection_logs.value.bucket + enabled = try(connection_logs.value.enabled, false) + prefix = try(connection_logs.value.prefix, null) + } + } + customer_owned_ipv4_pool = var.customer_owned_ipv4_pool desync_mitigation_mode = var.desync_mitigation_mode dns_record_client_routing_policy = var.dns_record_client_routing_policy diff --git a/variables.tf b/variables.tf index d69c99d..be8b56a 100644 --- a/variables.tf +++ b/variables.tf @@ -20,6 +20,12 @@ variable "access_logs" { default = {} } +variable "connection_logs" { + description = "Map containing access logging configuration for load balancer" + type = map(string) + default = {} +} + variable "customer_owned_ipv4_pool" { description = "The ID of the customer owned ipv4 pool to use for this load balancer" type = string diff --git a/versions.tf b/versions.tf index a1705fa..1b260a1 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.23" + version = ">= 5.31" } } } diff --git a/wrappers/main.tf b/wrappers/main.tf index 6f90205..5d4d551 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf @@ -5,6 +5,7 @@ module "wrapper" { access_logs = try(each.value.access_logs, var.defaults.access_logs, {}) associate_web_acl = try(each.value.associate_web_acl, var.defaults.associate_web_acl, false) + connection_logs = try(each.value.connection_logs, var.defaults.connection_logs, {}) create = try(each.value.create, var.defaults.create, true) create_security_group = try(each.value.create_security_group, var.defaults.create_security_group, true) customer_owned_ipv4_pool = try(each.value.customer_owned_ipv4_pool, var.defaults.customer_owned_ipv4_pool, null) From 53f796a5982e01f1b9445297c329d5465f2b644d Mon Sep 17 00:00:00 2001 
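Review bot: The `connection_logs` dynamic block added to `aws_lb.this` in main.tf is emitted whenever `var.connection_logs` is non-empty, with no check on the load balancer type. The AWS provider documents `connection_logs` as valid only for application load balancers, and this repository also carries a complete-nlb example, so a defaults map passed through the wrapper could reach a network load balancer and may fail at apply or be ignored. Consider gating the block on the type as well, e.g. `for_each = length(var.connection_logs) > 0 && var.load_balancer_type == "application" ? [var.connection_logs] : []` (the type variable is not visible in this hunk, so confirm its name). The resource body continues outside the hunk.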
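Review bot: The description of the new `connection_logs` variable in variables.tf is copied from `access_logs` and still says "access logging". It should read something like `description = "Map containing connection logging configuration for load balancer"`, and the README inputs row added in this patch carries the same wording, so it needs regenerating too. Because the type is `map(string)`, the description is the only place a caller learns which keys are read; naming `bucket` (required, accessed without `try` in main.tf), `enabled` (defaults to `true` after patch 2/2) and `prefix` would help. Connection logs record client addresses and TLS negotiation details, so anyone auditing what the module collects should be able to tell them apart from access logs.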
From: Bryant Biggs
Date: Sat, 23 Dec 2023 07:22:13 -0500
Subject: [PATCH 2/2] Update main.tf
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 7e09247..3c0ef50 100644
--- a/main.tf
+++ b/main.tf
@@ -26,7 +26,7 @@ resource "aws_lb" "this" {
 for_each = length(var.connection_logs) > 0 ? [var.connection_logs] : []
 content {
 bucket = connection_logs.value.bucket
- enabled = try(connection_logs.value.enabled, false)
+ enabled = try(connection_logs.value.enabled, true)
 prefix = try(connection_logs.value.prefix, null)
 }
 }