Initial updates for supporting s3 bucket logging targets. #302
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -110,11 +110,13 @@ resource "aws_s3_bucket" "bucket" { | |
} | ||
} | ||
|
||
# TODO | ||
# logging { | ||
# target_bucket = "" | ||
# target_prefix = "" | ||
# } | ||
dynamic "logging" { | ||
for_each = var.logging_bucket == null ? [] : [var.logging_bucket] | ||
content { | ||
target_bucket = var.logging_bucket.name | ||
target_prefix = var.logging_bucket.prefix | ||
} | ||
} | ||
Comment on lines +113 to +119

Do you know what's the difference between this and CloudTrail logs?

Here's a pretty interesting comparison: https://www.netskope.com/blog/aws-s3-logjam-server-access-logging-vs-object-level-logging It looks like CloudTrail is more complete and more reliable, but also more complicated to configure.

There's a table in here that I used to determine that S3 logs was the way forward: https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html. Ultimately it was a combination of ease to set up (took me just a few minutes to set up and start querying) plus the fact that the S3 logs contain more useful information for us (i.e. Object Size, Total Time, Turn-Around Time, and HTTP Referer).
||
|
||
server_side_encryption_configuration { | ||
rule { | ||
|
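
Review bot: The `content` block dereferences `var.logging_bucket.name` and `var.logging_bucket.prefix`, but nothing in this hunk shows the variable's declaration, so please confirm `logging_bucket` is typed as an object with `name` and `prefix` string attributes, defaults to `null`, and has a description; otherwise a caller who passes a bare bucket name only finds out from an unclear attribute error at plan time. Since `target_bucket` is passed through unchecked, the description should also say that the target bucket must already allow S3 server access log delivery and should be a different bucket from this one, so a bucket does not log into itself.
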
Don't know if it's better to do each.name/each.prefix, or leave it like this.

Yeah, I could go either way as well. I think the each syntax is a little bit more confusing though for an iterator where we'll always have 0 or 1 loops.