add lb access logging (#34)

in4it · Jan 8, 2020 · e610909 · e610909
1 parent 43442e9
commit e610909
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/terraform/lb.tf b/terraform/lb.tf
@@ -21,6 +21,12 @@ resource "aws_lb" "lb" {
   load_balancer_type = var.loadbalancer == "alb" ? "application" : "network"
   security_groups    = var.loadbalancer == "alb" ? [aws_security_group.roxprox-alb[0].id] : []
 
+  access_logs {
+    bucket  = var.bucket_lb_logs
+    prefix  = "roxprox-lb"
+    enabled = var.enable_lb_logs
+  }
+
   enable_deletion_protection = true
 }
 
@@ -42,7 +48,7 @@ resource "aws_lb_listener_certificate" "extra-certificates" {
   count           = length(var.loadbalancer_alb_cert_extra)
   listener_arn    = aws_lb_listener.lb-https.arn
   certificate_arn = element(data.aws_acm_certificate.alb_cert_extra.*.arn, count.index)
-} 
+}
 
 resource "aws_lb_listener_rule" "lb-https-redirect" {
   count        = var.loadbalancer_https_forwarding ? 1 : 0
@@ -114,4 +120,3 @@ resource "aws_lb_target_group" "envoy-proxy-https" {
     interval            = 30
   }
 }
-
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -51,6 +51,16 @@ variable "lb_subnets" {
   description = "loadbalancer subnets to use"
 }
 
+variable "enable_lb_logs" {
+  description = "true to enable logs for LB"
+  default     = "false"
+}
+
+variable "bucket_lb_logs" {
+  description = "name of s3 bucket to use for lb logs"
+}
+
+
 variable "s3_bucket" {
   description = "name of s3 bucket to use"
 }
@@ -178,4 +188,4 @@ variable "datadog_extra_task_execution_policy" {
 variable "datadog_env" {
   description = "datadog APM default enviroment"
   default     = "none"
-}
+}