Initial updates for supporting s3 bucket logging targets. #302
Conversation
| dynamic "logging" { | ||
| for_each = var.logging_bucket == null ? [] : [var.logging_bucket] | ||
| content { | ||
| target_bucket = var.logging_bucket.name | ||
| target_prefix = var.logging_bucket.prefix | ||
| } | ||
| } |
There was a problem hiding this comment.
do you know what's the difference between this and cloudtrail logs?
There was a problem hiding this comment.
Here's a pretty interesting comparison: https://www.netskope.com/blog/aws-s3-logjam-server-access-logging-vs-object-level-logging
It looks like cloudtrail is more complete and more reliable, but also more complicated to configure.
There was a problem hiding this comment.
There's a table in here that I used to determine that S3 logs was the way forward: https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html. Ultimately it was a combination of ease to set up (took me just a few minutes to set up and start querying) plus the fact that the S3 logs contain more useful information for us (i.e. Object Size, Total Time, Turn-Around Time, and HTTP Referer).
| dynamic "logging" { | ||
| for_each = var.logging_bucket == null ? [] : [var.logging_bucket] | ||
| content { | ||
| target_bucket = var.logging_bucket.name |
There was a problem hiding this comment.
Don't know if it's better to do each.name/each.prefix, or leave it like this.
There was a problem hiding this comment.
yeah, I could go either way as well. I think the each syntax is a little bit more confusing though for an iterator where we'll always have 0 or 1 loops.
Summary
Add support for logging S3 access to another bucket or prefix to the private bucket module.
Test Plan
I generated a tf file that created two buckets (a content bucket, and a logging bucket) and set the logging config of one bucket to refer to the other. The logging config in the plan had logging enabled for the content bucket and disabled for the logging bucket.
Tests pass.
References
(Optional) Additional links to provide more context.