This Terraform module provides a preconfigured solution for setting up S3 access logs in your AWS account to store logs from your Application Load Balancer (ALB) or Cognito User Pool. S3 access logs track requests made to an S3 bucket or to your ALB or Cognito, allowing you to monitor activity and analyze trends in your data. With this Terraform module, you can easily and efficiently set up and manage S3 access logs for your ALB or Cognito, ensuring that you have a complete picture of the activity in your environment.
Our team has extensive experience working with S3 and has optimized this module to provide the best possible experience for users. The module encapsulates all necessary configurations, making it easy to use and integrate into your existing AWS environment. Whether you are just getting started with S3 access logs or looking for a more efficient way to manage your logs, this Terraform module provides a preconfigured solution for tracking activity in your ALB or Cognito.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_cloudfront_write_access_logs | Enable ACL for CloudFront to write access logs. | bool |
false |
no |
| allow_elb_write_access_logs | Attach a policy to allow Elastic Load Balancing to write access logs. | bool |
true |
no |
| deny_non_secure_transport | Whether to attach a policy to the bucket to deny all non-SSL requests. | bool |
true |
no |
| expiration | The number of days after which to expunge the objects. | number |
365 |
no |
| mfa | MFA device ARN including a TOTP token to enable MFA delete. | string |
null |
no |
| mfa_delete | Specifies whether MFA delete is enabled in the bucket. | string |
"Disabled" |
no |
| name | The name of the bucket. | string |
n/a | yes |
| noncurrent_version_expiration | The number of days after which to delete the noncurrent object. | number |
90 |
no |
| noncurrent_version_transitions | Transition to another storage class for noncurrent_versions. | list(object({ |
[ |
no |
| tags | Tags to add to the AWS Customer Managed Key. | map(any) |
{} |
no |
| transitions | Transition to another storage class. | list(object({ |
[ |
no |
| versioning | Enables versioning of objects in the bucket. | string |
"Enabled" |
no |
| Name | Description |
|---|---|
| arn | The arn of the bucket. |
| domain_name | The domain name of the bucket. |
| id | The id of the bucket. |
| Name | Version |
|---|---|
| aws | >= 4.40 |
- resource.aws_s3_bucket.main (main.tf#21)
- resource.aws_s3_bucket_acl.main (main.tf#113)
- resource.aws_s3_bucket_lifecycle_configuration.main (main.tf#63)
- resource.aws_s3_bucket_metric.main (main.tf#98)
- resource.aws_s3_bucket_ownership_controls.main (main.tf#103)
- resource.aws_s3_bucket_policy.main (main.tf#37)
- resource.aws_s3_bucket_public_access_block.main (main.tf#43)
- resource.aws_s3_bucket_server_side_encryption_configuration.main (main.tf#52)
- resource.aws_s3_bucket_versioning.main (main.tf#27)
- data source.aws_canonical_user_id.main (data.tf#1)
- data source.aws_elb_service_account.main (data.tf#2)
- data source.aws_iam_policy_document.main (data.tf#4)
module "alb_logs" {
source = "../../"
name = "my-alb-access-logs-s3"
}module "cloudfront_logs" {
source = "../../"
name = "my-cloudfront-access-logs-s3"
allow_cloudfront_write_access_logs = true
allow_elb_write_access_logs = false
}