[n/a] access logs block configuration for the load balancer

hashicorp · Apr 5, 2021 · 15c18df · 15c18df
1 parent 656eb49
commit 15c18df
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/modules/vault-elb/main.tf b/modules/vault-elb/main.tf
@@ -24,6 +24,18 @@ resource "aws_elb" "vault" {
   security_groups = [aws_security_group.vault.id]
   subnets         = var.subnet_ids
 
+  # optional access_logs creation  
+  dynamic "access_logs" {
+    for_each = var.access_logs == null ? [] : ["once"]
+
+    content {
+      enabled       = lookup(access_logs.value, "enabled", lookup(access_logs.value, "bucket", null) != null)
+      bucket        = lookup(access_logs.value, "bucket", null)
+      bucket_prefix = lookup(access_logs.value, "bucket_prefix", null)
+      interval      = lookup(access_logs.value, "interval", 60)
+    }
+  }
+
   # Run the ELB in TCP passthrough mode
   listener {
     lb_port           = var.lb_port
@@ -111,4 +123,3 @@ resource "aws_route53_record" "vault_elb" {
     evaluate_target_health = false
   }
 }
-
diff --git a/modules/vault-elb/variables.tf b/modules/vault-elb/variables.tf
@@ -25,6 +25,20 @@ variable "vault_asg_name" {
 # These parameters have reasonable defaults.
 # ---------------------------------------------------------------------------------------------------------------------
 
+# Due to terraform type limitations this variable is set to be a map of any.
+# In reality it is a map of mixed parameters, some of them are booleans, some ints.
+#  access_logs = {
+#    enabled = true # mandatory
+#    bucket = "s3_bucket_name" # mandatory
+#    bucket_prefix = "alb" # mandatory
+#    interval = 60 # optional
+#  }
+variable "access_logs" {
+  description = "If specified, enables access logging for the ELB. This variable should be set to a map with the same keys and values as in the access_log block of the aws_elb resource (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elb), including bucket, bucket_prefix, interval, and enabled."
+  type        = map(any)
+  default     = null
+}
+
 variable "subnet_ids" {
   description = "The subnet IDs into which the ELB should be deployed. You will typically want to deploy the ELB into public subnets so your Vault cluster can run in private subnets."
   type        = list(string)
@@ -126,4 +140,3 @@ variable "security_group_tags" {
   type        = map(string)
   default     = {}
 }
-