duplicate log config on hec ack lb

araman-m · araman-m · commit a2fd6f4409fa · 2026-02-11T11:32:07.000+01:00
diff --git a/terraform/instances-template/instance-ihf.tf b/terraform/instances-template/instance-ihf.tf
@@ -409,6 +409,22 @@ resource "aws_lb" "ihfhec-ack" {
   security_groups    = [aws_security_group.splunk-lb-hecihf-outbound.id, aws_security_group.splunk-lbhecihf.id]
   subnets            = (local.use-elb-private == "false" ? [local.subnet_pub_1_id, local.subnet_pub_2_id, local.subnet_pub_3_id] : [local.subnet_priv_1_id, local.subnet_priv_2_id, local.subnet_priv_3_id])
   drop_invalid_header_fields = true
+  # Tracks HTTP Requests
+  access_logs {
+    bucket  = aws_s3_bucket.s3_data.bucket
+    prefix  = "log/lbhecack"
+    enabled = true
+  }
+  # Tracks TCP/TLS Connections (ALB only)
+  connection_logs {
+    bucket  = aws_s3_bucket.s3_data.bucket
+    prefix  = "log/lbhecack"
+    enabled = true
+  }
+  # Critical: Ensure the policy is attached before the LB tries to verify access
+  depends_on = [
+    aws_s3_bucket_policy.allow_access_for_lb_logs
+  ]
 }
 
 
