Add variable access_log_bucket_prefix to customize S3 access log configuration (#57)

adamantike · web-flow · commit c1a2a8faba43 · 2021-06-14T19:18:01.000-04:00
* Allow changing the prefix to be used in the specified S3 bucket for
access logs. This is useful for projects using different standards (e.g.
path with bucket name in the root folder).
* Fix variable description for `access_log_bucket_name`
diff --git a/README.md b/README.md
@@ -171,7 +171,8 @@ Available targets:
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_abort_incomplete_multipart_upload_days"></a> [abort\_incomplete\_multipart\_upload\_days](#input\_abort\_incomplete\_multipart\_upload\_days) | Maximum time (in days) that you want to allow multipart uploads to remain in progress | `number` | `5` | no |
-| <a name="input_access_log_bucket_name"></a> [access\_log\_bucket\_name](#input\_access\_log\_bucket\_name) | Name of the S3 bucket where s3 access log will be sent to | `string` | `""` | no |
+| <a name="input_access_log_bucket_name"></a> [access\_log\_bucket\_name](#input\_access\_log\_bucket\_name) | Name of the S3 bucket where S3 access logs will be sent to | `string` | `""` | no |
+| <a name="input_access_log_bucket_prefix"></a> [access\_log\_bucket\_prefix](#input\_access\_log\_bucket\_prefix) | Prefix to prepend to the current S3 bucket name, where S3 access logs will be sent to | `string` | `"logs/"` | no |
 | <a name="input_acl"></a> [acl](#input\_acl) | The canned ACL to apply. We recommend log-delivery-write for compatibility with AWS services | `string` | `"log-delivery-write"` | no |
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
 | <a name="input_allow_encrypted_uploads_only"></a> [allow\_encrypted\_uploads\_only](#input\_allow\_encrypted\_uploads\_only) | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | `bool` | `false` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -34,7 +34,8 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_abort_incomplete_multipart_upload_days"></a> [abort\_incomplete\_multipart\_upload\_days](#input\_abort\_incomplete\_multipart\_upload\_days) | Maximum time (in days) that you want to allow multipart uploads to remain in progress | `number` | `5` | no |
-| <a name="input_access_log_bucket_name"></a> [access\_log\_bucket\_name](#input\_access\_log\_bucket\_name) | Name of the S3 bucket where s3 access log will be sent to | `string` | `""` | no |
+| <a name="input_access_log_bucket_name"></a> [access\_log\_bucket\_name](#input\_access\_log\_bucket\_name) | Name of the S3 bucket where S3 access logs will be sent to | `string` | `""` | no |
+| <a name="input_access_log_bucket_prefix"></a> [access\_log\_bucket\_prefix](#input\_access\_log\_bucket\_prefix) | Prefix to prepend to the current S3 bucket name, where S3 access logs will be sent to | `string` | `"logs/"` | no |
 | <a name="input_acl"></a> [acl](#input\_acl) | The canned ACL to apply. We recommend log-delivery-write for compatibility with AWS services | `string` | `"log-delivery-write"` | no |
 | <a name="input_additional_tag_map"></a> [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
 | <a name="input_allow_encrypted_uploads_only"></a> [allow\_encrypted\_uploads\_only](#input\_allow\_encrypted\_uploads\_only) | Set to `true` to prevent uploads of unencrypted objects to S3 bucket | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
@@ -60,7 +60,7 @@ resource "aws_s3_bucket" "default" {
     for_each = var.access_log_bucket_name != "" ? [1] : []
     content {
       target_bucket = var.access_log_bucket_name
-      target_prefix = "logs/${module.this.id}/"
+      target_prefix = "${var.access_log_bucket_prefix}${module.this.id}/"
     }
   }
 
diff --git a/variables.tf b/variables.tf
@@ -121,7 +121,13 @@ variable "restrict_public_buckets" {
 variable "access_log_bucket_name" {
   type        = string
   default     = ""
-  description = "Name of the S3 bucket where s3 access log will be sent to"
+  description = "Name of the S3 bucket where S3 access logs will be sent to"
+}
+
+variable "access_log_bucket_prefix" {
+  type        = string
+  default     = "logs/"
+  description = "Prefix to prepend to the current S3 bucket name, where S3 access logs will be sent to"
 }
 
 variable "allow_encrypted_uploads_only" {

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ resource "aws_s3_bucket" "default" {`
`60`	`60`	`for_each = var.access_log_bucket_name != "" ? [1] : []`
`61`	`61`	`content {`
`62`	`62`	`target_bucket = var.access_log_bucket_name`
`63`		`- target_prefix = "logs/${module.this.id}/"`
	`63`	`+ target_prefix = "${var.access_log_bucket_prefix}${module.this.id}/"`
`64`	`64`	`}`
`65`	`65`	`}`
`66`	`66`