Alb access logs by rkalamaro · Pull Request #5 · codersagainstcovidorg/infra

rkalamaro · 2020-03-30T19:16:10Z

No description provided.

iloveicedgreentea

thanks Roy I made some comments. Can you please take a look

iloveicedgreentea · 2020-03-30T19:26:44Z

terraform/backend/module/alb.tf

@@ -1,12 +1,41 @@
+data "aws_region" "current" {}
+data "aws_caller_identity" "current" {}


these are/should be in data.tf

Addressed in b68be75

iloveicedgreentea · 2020-03-30T19:28:33Z

terraform/backend/module/alb.tf

+}
+
+data "template_file" "log-bucket-policy" {
+  template = "${file("${path.module}/log-bucket-policy.json.tpl")}"


These vars look like it was made/linted with tf11

If looking to add in-line policy yo the resource, it should resolve the TF linting issue.
But yeah, my env is set on 11 =
Nonetheless, feel free to pull & commit proper TF 12 linting and move the bucket policy to the same alb.tf resource.

iloveicedgreentea · 2020-03-30T19:32:45Z

terraform/backend/module/alb.tf

+
+resource "aws_s3_bucket_policy" "attach-policy-to-log-bucket" {
+  bucket = "${aws_s3_bucket.log-bucket.id}"
+  policy = "${data.template_file.log-bucket-policy.rendered}"


would be better to put this policy in HCL https://github.com/codersagainstcovidorg/infra/blob/master/terraform/frontend/module/iam.tf#L65

You want to add it as in-line bucket policy rather than templatizing as a separated document?

iloveicedgreentea · 2020-03-30T19:33:18Z

terraform/backend/module/alb.tf

+
 # alb
 resource "aws_lb" "backend" {
+  depends_on = [


not needed since you declare the resource in the block below

Truth, the dependency declared for logical reasons, but removing it should not create any impact.
I'll follow your request

Addressed in da8ac92

iloveicedgreentea · 2020-03-30T19:33:38Z

terraform/backend/module/alb.tf

  security_groups                  = [aws_security_group.lb_sg.id]
  enable_deletion_protection       = false
  enable_cross_zone_load_balancing = false
+  access_logs {


can you make this optional with a var like enable_s3_access_logs and add it to the configs?

Roy K added 2 commits March 30, 2020 11:46

adding required resources paramterized data to add ALB access logs

692e8d7

alb instead of nlb

b68be75

iloveicedgreentea suggested changes Mar 30, 2020

View reviewed changes

Roy K and others added 3 commits March 30, 2020 16:16

moving current region to data resource

874640a

removing dependedency on ALB resource

da8ac92

init issues with templatized bucket permissions should be resolved

18a8398

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Alb access logs#5

Alb access logs#5
rkalamaro wants to merge 5 commits intomasterfrom
alb-access-logs

rkalamaro commented Mar 30, 2020

Uh oh!

iloveicedgreentea left a comment

Uh oh!

iloveicedgreentea Mar 30, 2020

Uh oh!

rkalamaro Mar 30, 2020

Uh oh!

iloveicedgreentea Mar 30, 2020

Uh oh!

rkalamaro Mar 30, 2020

Uh oh!

iloveicedgreentea Mar 30, 2020

Uh oh!

rkalamaro Mar 30, 2020

Uh oh!

iloveicedgreentea Mar 30, 2020

Uh oh!

rkalamaro Mar 30, 2020

Uh oh!

rkalamaro Mar 30, 2020

Uh oh!

iloveicedgreentea Mar 30, 2020

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

		@@ -1,12 +1,41 @@
		data "aws_region" "current" {}
		data "aws_caller_identity" "current" {}

Conversation

rkalamaro commented Mar 30, 2020

Uh oh!

iloveicedgreentea left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants