
Commit 605c3f6

committed
add logging for more lbs
1 parent 837972c commit 605c3f6


5 files changed

+76
-7
lines changed


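--- a/terraform/instances-template/instance-ds.tf
+++ b/terraform/instances-template/instance-ds.tf
@@ -429,16 +429,22 @@ resource "aws_lb" "ds" {
 #subnets = [local.subnet_pub_1_id, local.subnet_pub_2_id, local.subnet_pub_3_id]
 subnets = (local.use-elb-private-ds == "false" ? [local.subnet_pub_1_id, local.subnet_pub_2_id, local.subnet_pub_3_id] : [local.subnet_priv_1_id, local.subnet_priv_2_id, local.subnet_priv_3_id])
 internal = local.use-elb-private-ds
+# Tracks HTTP Requests
 access_logs {
 bucket = aws_s3_bucket.s3_data.bucket
 prefix = "log/lbds"
 enabled = true
 }
-#connection_logs {
-# bucket = aws_s3_bucket.s3_data.bucket
-# prefix = "log/lbdscon"
-# enabled = true
-#}
+# Tracks TCP/TLS Connections (ALB only)
+connection_logs {
+bucket = aws_s3_bucket.s3_data.bucket
+prefix = "log/lbdscon"
+enabled = true
+}
+# Critical: Ensure the policy is attached before the LB tries to verify access
+depends_on = [
+aws_s3_bucket_policy.allow_access_for_lb_logs
+]
 }
 
 # This create a alias which point on ELB when available so we can use a pretty name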
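Review bot: The newly enabled `connection_logs` prefix `log/lbdscon`, and the prefixes added for the other load balancers in this commit, all depend on `data.aws_iam_policy_document.s3_bucket_lb_write` allowing log delivery under them, and that document is neither changed nor shown here. If its resource ARNs are scoped per prefix rather than to the whole `log/` tree, enabling the logs may fail when the load balancer validates bucket access, so the `depends_on` orders the apply but does not by itself make the write permitted. I would confirm the scope and record it next to the dependency, for example `# s3_bucket_lb_write must allow s3:PutObject under every log/lb* prefix used below`. The `aws_lb.ds` block starts above the hunk.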

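--- a/terraform/instances-template/instance-idx.tf
+++ b/terraform/instances-template/instance-idx.tf
@@ -523,6 +523,22 @@ resource "aws_lb" "idxhec-noack" {
 drop_invalid_header_fields = true
 security_groups = [aws_security_group.splunk-lb-hecidx-outbound.id, aws_security_group.splunk-lbhecidx.id]
 subnets = (local.use-elb-private == "false" ? [local.subnet_pub_1_id, local.subnet_pub_2_id, local.subnet_pub_3_id] : [local.subnet_priv_1_id, local.subnet_priv_2_id, local.subnet_priv_3_id])
+# Tracks HTTP Requests
+access_logs {
+bucket = aws_s3_bucket.s3_data.bucket
+prefix = "log/lbidxnoack"
+enabled = true
+}
+# Tracks TCP/TLS Connections (ALB only)
+connection_logs {
+bucket = aws_s3_bucket.s3_data.bucket
+prefix = "log/lbidxnoack"
+enabled = true
+}
+# Critical: Ensure the policy is attached before the LB tries to verify access
+depends_on = [
+aws_s3_bucket_policy.allow_access_for_lb_logs
+]
 }
 
 
@@ -534,6 +550,22 @@ resource "aws_lb" "idxhec-ack" {
 drop_invalid_header_fields = true
 security_groups = [aws_security_group.splunk-lb-hecidx-outbound.id, aws_security_group.splunk-lbhecidx.id]
 subnets = (local.use-elb-private == "false" ? [local.subnet_pub_1_id, local.subnet_pub_2_id, local.subnet_pub_3_id] : [local.subnet_priv_1_id, local.subnet_priv_2_id, local.subnet_priv_3_id])
+# Tracks HTTP Requests
+access_logs {
+bucket = aws_s3_bucket.s3_data.bucket
+prefix = "log/lbidxack"
+enabled = true
+}
+# Tracks TCP/TLS Connections (ALB only)
+connection_logs {
+bucket = aws_s3_bucket.s3_data.bucket
+prefix = "log/lbidxack"
+enabled = true
+}
+# Critical: Ensure the policy is attached before the LB tries to verify access
+depends_on = [
+aws_s3_bucket_policy.allow_access_for_lb_logs
+]
 }
 
 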
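Review bot: In both `idxhec-noack` and `idxhec-ack` the `connection_logs` block reuses the `access_logs` prefix, whereas `instance-ds.tf` keeps the two apart (`log/lbds` and `log/lbdscon`). Delivery likely still works, but request logs and connection logs then land under one prefix, which makes it harder to give the two feeds separate retention, access rules or ingestion settings. I would follow the `ds` convention with `prefix = "log/lbidxnoackcon"` and `prefix = "log/lbidxackcon"` in the two `connection_logs` blocks. The same applies to `ihfhec-noack` in `instance-ihf.tf` and `shc-users` in `instance-shc.tf`.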

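--- a/terraform/instances-template/instance-ihf.tf
+++ b/terraform/instances-template/instance-ihf.tf
@@ -381,6 +381,23 @@ resource "aws_lb" "ihfhec-noack" {
 security_groups = [aws_security_group.splunk-lb-hecihf-outbound.id, aws_security_group.splunk-lbhecihf.id]
 subnets = (local.use-elb-private == "false" ? [local.subnet_pub_1_id, local.subnet_pub_2_id, local.subnet_pub_3_id] : [local.subnet_priv_1_id, local.subnet_priv_2_id, local.subnet_priv_3_id])
 drop_invalid_header_fields = true
+# Tracks HTTP Requests
+access_logs {
+bucket = aws_s3_bucket.s3_data.bucket
+prefix = "log/lbhecnoack"
+enabled = true
+}
+# Tracks TCP/TLS Connections (ALB only)
+connection_logs {
+bucket = aws_s3_bucket.s3_data.bucket
+prefix = "log/lbhecnoack"
+enabled = true
+}
+# Critical: Ensure the policy is attached before the LB tries to verify access
+depends_on = [
+aws_s3_bucket_policy.allow_access_for_lb_logs
+]
+
 }
 
 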
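Review bot: The prefix `log/lbhecnoack` does not identify this load balancer. The resource is `ihfhec-noack`, while the indexer load balancers in `instance-idx.tf` are also HEC endpoints and are logged under `log/lbidxnoack` and `log/lbidxack`. Anyone tracing a request through the bucket has to know that "hec" here means the IHF tier. A name parallel to the others would be `prefix = "log/lbihfnoack"`. The hunk also adds an empty line before the closing brace, which the other resources in this commit do not have.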

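--- a/terraform/instances-template/instance-shc.tf
+++ b/terraform/instances-template/instance-shc.tf
@@ -638,6 +638,22 @@ resource "aws_lb" "shc-users" {
 tags = {
 Type = "Splunk"
 }
+# Tracks HTTP Requests
+access_logs {
+bucket = aws_s3_bucket.s3_data.bucket
+prefix = "log/lbshcusers"
+enabled = true
+}
+# Tracks TCP/TLS Connections (ALB only)
+connection_logs {
+bucket = aws_s3_bucket.s3_data.bucket
+prefix = "log/lbshcusers"
+enabled = true
+}
+# Critical: Ensure the policy is attached before the LB tries to verify access
+depends_on = [
+aws_s3_bucket_policy.allow_access_for_lb_logs
+]
 }
 
 resource "aws_alb_listener" "shc-users" {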

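--- a/terraform/s3buckets.tf
+++ b/terraform/s3buckets.tf
@@ -254,8 +254,6 @@ resource "aws_s3_bucket_lifecycle_configuration" "s3_data_lifecycle" {
 
 resource "aws_s3_bucket_policy" "allow_access_for_lb_logs" {
 bucket = aws_s3_bucket.s3_data.id
-#policy = data.template_file.pol-splunk-s3iafs.rendered
-#policy = local.pol-splunk-s3iafs
 policy = data.aws_iam_policy_document.s3_bucket_lb_write.json
 }
 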
