From 00d918bf288b7649a960d60cef35b20f28d8b335 Mon Sep 17 00:00:00 2001
From: Mihai PLESA
Date: Wed, 11 Nov 2020 23:08:09 +0000
Subject: [PATCH] added option to disable logging (#45)
---
 README.md | 2 ++
 docs/terraform.md | 2 ++
 examples/complete/variables.tf | 6 ++++++
 main.tf | 13 ++++++++-----
 outputs.tf | 5 +++++
 variables.tf | 6 ++++++
 6 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 376ce46..10d72e8 100644
--- a/README.md
+++ b/README.md
@@ -164,6 +164,7 @@ Available targets:
 | log\_include\_cookies | Include cookies in access logs | `bool` | `false` | no |
 | log\_prefix | Path of logs in S3 bucket | `string` | `""` | no |
 | log\_standard\_transition\_days | Number of days to persist in the standard storage tier before moving to the glacier tier | `number` | `30` | no |
+| logging\_enabled | When true, access logs will be sent to a newly created s3 bucket | `bool` | `true` | no |
 | max\_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | `number` | `31536000` | no |
 | min\_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | `number` | `0` | no |
 | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
@@ -200,6 +201,7 @@ Available targets:
 | cf\_id | ID of CloudFront distribution |
 | cf\_origin\_access\_identity | A shortcut to the full path for the origin access identity to use in CloudFront |
 | cf\_status | Current status of the distribution |
+| logs | Logs resource |
diff --git a/docs/terraform.md b/docs/terraform.md
index a89d590..02b2a9a 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -49,6 +49,7 @@
 | log\_include\_cookies | Include cookies in access logs | `bool` | `false` | no |
 | log\_prefix | Path of logs in S3 bucket | `string` | `""` | no |
 | log\_standard\_transition\_days | Number of days to persist in the standard storage tier before moving to the glacier tier | `number` | `30` | no |
+| logging\_enabled | When true, access logs will be sent to a newly created s3 bucket | `bool` | `true` | no |
 | max\_ttl | Maximum amount of time (in seconds) that an object is in a CloudFront cache | `number` | `31536000` | no |
 | min\_ttl | Minimum amount of time that you want objects to stay in CloudFront caches | `number` | `0` | no |
 | name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
@@ -85,5 +86,6 @@
 | cf\_id | ID of CloudFront distribution |
 | cf\_origin\_access\_identity | A shortcut to the full path for the origin access identity to use in CloudFront |
 | cf\_status | Current status of the distribution |
+| logs | Logs resource |
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index 2dab3e7..6a094a0 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -99,6 +99,12 @@ variable "comment" {
 description = "Comment for the origin access identity"
 }
+variable "logging_enabled" {
+ type = bool
+ default = true
+ description = "When true, access logs will be sent to a newly created s3 bucket"
+}
+
 variable "log_include_cookies" {
 default = "false"
 description = "Include cookies in access logs"
diff --git a/main.tf b/main.tf
index 73b4101..a0fe687 100644
--- a/main.tf
+++ b/main.tf
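Review bot: The new `logging_enabled` variable in examples/complete/variables.tf does not appear to be passed to the module. The diffstat lists no change to the example's main.tf, so unless that file is updated elsewhere the variable is declared but unused and the example never exercises the logging-off path. Passing it through in the example's module block, `logging_enabled = var.logging_enabled`, would let the example cover both settings.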
@@ -15,7 +15,7 @@ resource "aws_cloudfront_origin_access_identity" "default" {
 module "logs" {
 source = "git::https://github.com/cloudposse/terraform-aws-log-storage.git?ref=tags/0.14.0"
- enabled = module.this.enabled && length(var.log_bucket_fqdn) == 0
+ enabled = module.this.enabled && var.logging_enabled && length(var.log_bucket_fqdn) == 0
 attributes = compact(concat(module.this.attributes, ["origin", "logs"]))
 lifecycle_prefix = var.log_prefix
 standard_transition_days = var.log_standard_transition_days
@@ -34,10 +34,13 @@ resource "aws_cloudfront_distribution" "default" {
 default_root_object = var.default_root_object
 price_class = var.price_class
- logging_config {
- include_cookies = var.log_include_cookies
- bucket = length(var.log_bucket_fqdn) > 0 ? var.log_bucket_fqdn : module.logs.bucket_domain_name
- prefix = var.log_prefix
+ dynamic "logging_config" {
+ for_each = var.logging_enabled ? ["true"] : []
+ content {
+ include_cookies = var.log_include_cookies
+ bucket = length(var.log_bucket_fqdn) > 0 ? var.log_bucket_fqdn : module.logs.bucket_domain_name
+ prefix = var.log_prefix
+ }
 }
 aliases = var.aliases
diff --git a/outputs.tf b/outputs.tf
index dcf60c2..e480b8e 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -37,3 +37,8 @@ output "cf_origin_access_identity" {
 value = try(aws_cloudfront_origin_access_identity.default[0].cloudfront_access_identity_path, "")
 description = "A shortcut to the full path for the origin access identity to use in CloudFront"
 }
+
+output "logs" {
+ value = module.logs
+ description = "Logs resource"
+}
diff --git a/variables.tf b/variables.tf
index 4929f57..bb161f3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -115,6 +115,12 @@ variable "comment" {
 description = "Comment for the origin access identity"
 }
+variable "logging_enabled" {
+ type = bool
+ default = true
+ description = "When true, access logs will be sent to a newly created s3 bucket"
+}
+
 variable "log_include_cookies" {
 type = bool
 default = false
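Review bot: Turning `logging_enabled` off on an already-deployed stack would also disable `module "logs"` in main.tf, because the flag is now part of its `enabled` expression. The next plan would then presumably remove the bucket that holds the access logs collected so far. That consequence deserves a comment next to the expression, for example `# logging_enabled = false also disables the log bucket created by this module; retain or export existing logs first`. The module block continues past the end of the hunk, so whether such a destroy would succeed on a non-empty bucket is not visible here.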
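Review bot: The `dynamic "logging_config"` block in main.tf is gated only on `var.logging_enabled`, so a caller who sets `log_bucket_fqdn` together with `logging_enabled = false` gets no access logging at all and the supplied bucket is silently ignored. The variable description added in variables.tf and examples/complete/variables.tf speaks only of "a newly created s3 bucket", which hides that precedence. Because the distribution then has no per-request log trail, the description should say so, e.g. `description = "Set to false to disable CloudFront access logging entirely, including logging to var.log_bucket_fqdn; when true, logs go to that bucket if set, otherwise to a bucket created by this module"`. The `aws_cloudfront_distribution` resource starts and ends outside the hunk.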
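Review bot: `output "logs"` in outputs.tf exports the whole `module.logs` object, so every current and future output of the log-storage module becomes part of this module's interface, and the description `"Logs resource"` does not tell callers what they receive. A description such as `"All outputs of the log storage module; values are empty when logging is disabled or log_bucket_fqdn is set"` would document it. The empty-value behaviour is inferred from the `enabled` expression in main.tf and should be confirmed against the log-storage module.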