diff --git a/aws/logs_monitoring/template.yaml b/aws/logs_monitoring/template.yaml
index 9a2eb0c3..3bd8f1c5 100644
--- a/aws/logs_monitoring/template.yaml
+++ b/aws/logs_monitoring/template.yaml
@@ -229,6 +229,10 @@ Parameters:
 Type: String
 Default: ""
 Description: The name of the forwarder bucket to create. If not provided, AWS will generate a unique name.
+ DdForwarderBucketsAccessLogsTarget:
+ Type: String
+ Default: ""
+ Description: (Optional) The name of the S3 bucket to store access logs. Leave empty if access logging is not needed.
 DdStoreFailedEvents:
 Type: String
 Default: false
@@ -433,6 +437,7 @@ Conditions:
 - Fn::Equals:
 - Ref: ReservedConcurrency
 - ""
+ ShouldUseAccessLogBucket: !Not [!Equals [!Ref DdForwarderBucketsAccessLogsTarget, ""]]
 SetForwarderBucket:
 Fn::Or:
 - Condition: CreateS3Bucket
@@ -886,6 +891,13 @@ Resources:
 BlockPublicPolicy: true
 IgnorePublicAcls: true
 RestrictPublicBuckets: true
+ LoggingConfiguration:
+ !If
+ - ShouldUseAccessLogBucket
+ -
+ DestinationBucketName: !Ref DdForwarderBucketsAccessLogsTarget
+ LogFilePrefix: "datadog-forwarder/"
+ - !Ref "AWS::NoValue"
 LifecycleConfiguration:
 Rules:
 - Id: delete-incomplete-mpu-7days
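Review bot: The description of `DdForwarderBucketsAccessLogsTarget` in the Parameters hunk does not say what the target bucket must satisfy, so a misconfigured target is likely to surface only as a failed stack operation or as access logs that never arrive. S3 server access logging requires the destination to already exist in the same Region and account as the source bucket and to allow the `logging.s3.amazonaws.com` service principal to write objects, and it should not be the forwarder bucket itself, since a bucket that logs to itself also records its own log deliveries. I would extend the text to something like `Description: (Optional) Name of an existing S3 bucket, in the same Region and account, that allows S3 log delivery (logging.s3.amazonaws.com) to write to it. Must not be the forwarder bucket. Leave empty to disable access logging.` An `AllowedPattern` that accepts either the empty string or a well-formed bucket name would also reject typos at parameter validation instead of at resource creation.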
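Review bot: `ShouldUseAccessLogBucket` in the Conditions hunk is written with short-form tags in nested flow style (`!Not [!Equals [...]]`), while the neighbouring conditions visible in the same hunk use the long block form (`Fn::Equals:` with `Ref:`, `Fn::Or:` with `Condition:`). Writing it as `Fn::Not:` over a nested `Fn::Equals:` list of `Ref: DdForwarderBucketsAccessLogsTarget` and `""` would keep the section uniform and readable by generic YAML tooling that does not register CloudFormation tags. The same applies to the `!If` and `!Ref` used in the `LoggingConfiguration` block of the Resources hunk.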
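Review bot: The fixed `LogFilePrefix: "datadog-forwarder/"` in the Resources hunk means every forwarder stack that points at the same target bucket writes under one prefix, which makes per-stack retention, access policy and investigation queries harder to scope. Deriving the prefix from the stack, for example `LogFilePrefix: !Sub "datadog-forwarder/${AWS::StackName}/"`, would keep each forwarder's access records separate. The enclosing bucket resource starts outside this hunk; if, as it appears, the block sits only on the bucket the template itself creates, the parameter has no effect when an existing bucket is supplied, and the parameter description should say so.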