From a4bd000f9de668420e4fd0f0e91d4e2e00ba4f37 Mon Sep 17 00:00:00 2001
From: Miguel Elhaiek
Date: Tue, 9 Apr 2024 16:25:46 -0300
Subject: [PATCH] Removing Logs to S3 from the Load Balancer
---
 terraform/iam.tf | 62 +++++++++++++++++++++++------------------------
 terraform/main.tf | 39 ++++++++++++++---------------
 2 files changed, 51 insertions(+), 50 deletions(-)
diff --git a/terraform/iam.tf b/terraform/iam.tf
index 70ac0c5..09a60df 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -1,37 +1,37 @@
-# POLICY TO LET BUCKET PERMISSIONS:
+# # POLICY TO LET BUCKET PERMISSIONS:
-# subir como data y statement como en el infra ops en vez de esta forma:
-resource "aws_s3_bucket_policy" "alb_log_bucket_policy" {
- bucket = aws_s3_bucket.nlb_logs.id
+# # subir como data y statement como en el infra ops en vez de esta forma:
+# resource "aws_s3_bucket_policy" "alb_log_bucket_policy" {
+# bucket = aws_s3_bucket.nlb_logs.id
- policy = jsonencode({
- Version = "2012-10-17",
- Statement = [
- {
- Effect = "Allow",
- Principal = {
- Service = "elasticloadbalancing.amazonaws.com"
- },
- Action = "s3:*",
- Resource = "${aws_s3_bucket.nlb_logs.arn}/*",
- Condition = {
- StringEquals = {
- "s3:x-amz-acl" = "bucket-owner-full-control"
- }
- }
- },
- {
- Effect = "Allow",
- Principal = {
- Service = "elasticloadbalancing.amazonaws.com"
- },
- Action = "s3:GetBucketAcl",
- Resource = aws_s3_bucket.nlb_logs.arn
- }
- ]
- })
-}
+# policy = jsonencode({
+# Version = "2012-10-17",
+# Statement = [
+# {
+# Effect = "Allow",
+# Principal = {
+# Service = "elasticloadbalancing.amazonaws.com"
+# },
+# Action = "s3:*",
+# Resource = "${aws_s3_bucket.nlb_logs.arn}/*",
+# Condition = {
+# StringEquals = {
+# "s3:x-amz-acl" = "bucket-owner-full-control"
+# }
+# }
+# },
+# {
+# Effect = "Allow",
+# Principal = {
+# Service = "elasticloadbalancing.amazonaws.com"
+# },
+# Action = "s3:GetBucketAcl",
+# Resource = aws_s3_bucket.nlb_logs.arn
+# }
+# ]
+# })
+# }
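Review bot: The `aws_s3_bucket_policy` block is commented out rather than deleted, so `terraform/iam.tf` keeps a policy template that grants `s3:*` on every object to `elasticloadbalancing.amazonaws.com`; the same commenting-out pattern recurs in both `terraform/main.tf` hunks. Git history already preserves the old resource, so I would delete the block and leave one line such as `# NLB access logging to S3 removed; restore from history if needed`. If the block is kept for later re-enablement, add a comment that log delivery needs only `s3:PutObject` on the prefix plus `s3:GetBucketAcl` on the bucket, not `s3:*`. For a Network Load Balancer the documented delivery principal is `delivery.logs.amazonaws.com`, which may be why this policy did not work; the load balancer type is not visible in this patch, so that needs confirming.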
diff --git a/terraform/main.tf b/terraform/main.tf
index 8c94cd6..78326b0 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -83,19 +83,20 @@ resource "aws_route_table_association" "vectorstore_rta" {
-resource "aws_s3_bucket" "nlb_logs" {
- bucket = "milvus-api-alb-logs"
-}
-# Public access for ALB to send logs
-resource "aws_s3_bucket_public_access_block" "nlb_logs_access_block" {
- bucket = aws_s3_bucket.nlb_logs.id
+# resource "aws_s3_bucket" "nlb_logs" {
+# bucket = "milvus-api-alb-logs"
+# }
- block_public_acls = false
- block_public_policy = false
- ignore_public_acls = false
- restrict_public_buckets = false
-}
+# # Public access for ALB to send logs
+# resource "aws_s3_bucket_public_access_block" "nlb_logs_access_block" {
+# bucket = aws_s3_bucket.nlb_logs.id
+
+# block_public_acls = false
+# block_public_policy = false
+# ignore_public_acls = false
+# restrict_public_buckets = false
+# }
 resource "aws_lb" "vectorstore_nlb" {
@@ -105,19 +106,19 @@ resource "aws_lb" "vectorstore_nlb" {
 subnets = [aws_subnet.vectorstore_subnet.id, aws_subnet.vectorstore_subnet_2.id]
 enable_deletion_protection = false
- access_logs {
- bucket = aws_s3_bucket.nlb_logs.bucket
- prefix = "access-logs"
- enabled = true
- }
+ # access_logs {
+ # bucket = aws_s3_bucket.nlb_logs.bucket
+ # prefix = "access-logs"
+ # enabled = true
+ # }
 tags = {
 Name = "vectorstore_nlb"
 }
- depends_on = [
- aws_s3_bucket_policy.alb_log_bucket_policy
- ]
+ # depends_on = [
+ # aws_s3_bucket_policy.alb_log_bucket_policy
+ # ]
 }
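Review bot: The commented-out `aws_s3_bucket_public_access_block` still records all four settings as `false` under the heading "Public access for ALB to send logs", which preserves a wrong premise: load balancer log delivery is authorised by the bucket policy and does not require the bucket to accept public ACLs or public policies. If the block stays as a template, set the four values to `true` and reword the heading, e.g. `# Log delivery is granted by the bucket policy; keep public access blocked`. Separately, dropping `aws_s3_bucket.nlb_logs` from the configuration makes the next apply try to destroy the bucket, which fails while it still holds log objects unless it is emptied or removed from state first. The commit message does not say which outcome is intended.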
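Review bot: Commenting out `access_logs` leaves `aws_lb.vectorstore_nlb` with no connection logging, and nothing in this hunk adds a replacement source of visibility. If S3 delivery was failing, correcting the bucket policy would keep the audit trail. If logging is being dropped deliberately, record that next to the block, e.g. `# access logs disabled <date>: <reason>; connection visibility now from <VPC flow logs / other>`, so the gap reads as a decision rather than leftover commented code. The resource body starts before the hunk, so its listener and load balancer type could not be checked from here.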