[NDR-17] Add access logging to load balancer logs (#279)

abbas-khan10 · web-flow · commit d98b841c20e8 · 2025-04-15T15:54:58.000+01:00
diff --git a/infrastructure/README.md b/infrastructure/README.md
@@ -308,6 +308,7 @@
 | [aws_s3_bucket_lifecycle_configuration.lg-lifecycle-rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
 | [aws_s3_bucket_lifecycle_configuration.ndr-zip-request-store-lifecycle-rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
 | [aws_s3_bucket_lifecycle_configuration.staging-store-lifecycle-rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |
+| [aws_s3_bucket_logging.logs_bucket_logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_logging) | resource |
 | [aws_s3_bucket_policy.access_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
 | [aws_s3_bucket_policy.logs_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
 | [aws_s3_bucket_public_access_block.logs_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
diff --git a/infrastructure/buckets.tf b/infrastructure/buckets.tf
@@ -1,5 +1,5 @@
 locals {
-  access_logs_bucket_id = local.is_production ? aws_s3_bucket.access_logs[0].id : null
+  access_logs_bucket_id = local.is_production ? aws_s3_bucket.access_logs[0].id : ""
   access_logs_count     = local.is_production ? 1 : 0
 }
 
@@ -329,4 +329,9 @@ resource "aws_s3_bucket_policy" "logs_bucket_policy" {
   policy = data.aws_iam_policy_document.logs_bucket_policy.json
 }
 
-
+resource "aws_s3_bucket_logging" "logs_bucket_logging" {
+  count         = local.access_logs_count
+  bucket        = aws_s3_bucket.logs_bucket.id
+  target_bucket = local.access_logs_bucket_id
+  target_prefix = "${aws_s3_bucket.logs_bucket.id}/"
+}
diff --git a/infrastructure/modules/s3/README.md b/infrastructure/modules/s3/README.md
@@ -36,7 +36,7 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_access_logs_bucket_id"></a> [access\_logs\_bucket\_id](#input\_access\_logs\_bucket\_id) | Enables access logs on the module's bucket | `string` | `null` | no |
+| <a name="input_access_logs_bucket_id"></a> [access\_logs\_bucket\_id](#input\_access\_logs\_bucket\_id) | Enables access logs on the module's bucket | `string` | n/a | yes |
 | <a name="input_access_logs_enabled"></a> [access\_logs\_enabled](#input\_access\_logs\_enabled) | n/a | `bool` | `false` | no |
 | <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | the name of the bucket | `string` | n/a | yes |
 | <a name="input_cloudfront_arn"></a> [cloudfront\_arn](#input\_cloudfront\_arn) | CloudFront Distribution ARN association and policy toggles | `string` | `"null"` | no |
diff --git a/infrastructure/modules/s3/variable.tf b/infrastructure/modules/s3/variable.tf
@@ -50,6 +50,5 @@ variable "access_logs_enabled" {
 
 variable "access_logs_bucket_id" {
   type        = string
-  default     = null
   description = "Enables access logs on the module's bucket"
 }

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,5 @@ variable "access_logs_enabled" {`
`50`	`50`
`51`	`51`	`variable "access_logs_bucket_id" {`
`52`	`52`	`type = string`
`53`		`- default = null`
`54`	`53`	`description = "Enables access logs on the module's bucket"`
`55`	`54`	`}`