adding Module to test if Logs for ALB work

thisisqubika · Apr 9, 2024 · aef4543 · aef4543
1 parent a4bd000
commit aef4543
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 6 deletions.
diff --git a/terraform/iam.tf b/terraform/iam.tf
@@ -1,5 +1,25 @@
 # # POLICY TO LET BUCKET PERMISSIONS:
 
+data "aws_elb_service_account" "main" {}
+
+data "aws_iam_policy_document" "bucket_policy" {
+ statement {
+ actions = ["s3:PutObject"]
+ resources = ["${aws_s3_bucket.logging_bucket.arn}/*"]
+
+ principals {
+ type = "AWS"
+ identifiers = [data.aws_elb_service_account.main.arn]
+ }
+ }
+}
+
+resource "aws_s3_bucket_policy" "bucket_policy" {
+ bucket = aws_s3_bucket.nlb_logs.id
+ policy = data.aws_iam_policy_document.bucket_policy.json
+}
+
+
 
 # # subir como data y statement como en el infra ops en vez de esta forma:
 # resource "aws_s3_bucket_policy" "alb_log_bucket_policy" {

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -81,6 +81,11 @@ resource "aws_route_table_association" "vectorstore_rta" {
 # }
 # }
 
+module "alb_logging" {
+ source = "./modules/alb_logging"
+ bucket_name = "milvus-api-alb-logs"
+ // other necessary variables
+}
 
 
 
@@ -106,11 +111,11 @@ resource "aws_lb" "vectorstore_nlb" {
  subnets = [aws_subnet.vectorstore_subnet.id, aws_subnet.vectorstore_subnet_2.id]
  enable_deletion_protection = false
 
- # access_logs {
- # bucket = aws_s3_bucket.nlb_logs.bucket
- # prefix = "access-logs"
- #  enabled = true
- # }
+ access_logs {
+  bucket = module.alb_logging.bucket_name
+  prefix = "logs"
+ enabled = true
+ }
 
  tags = {
  Name = "vectorstore_nlb"

diff --git a/terraform/modules/alb_logging/main.tf b/terraform/modules/alb_logging/main.tf
@@ -0,0 +1,22 @@
+resource "aws_s3_bucket" "logging_bucket" {
+ bucket = var.bucket_name
+}
+
+data "aws_elb_service_account" "main" {}
+
+data "aws_iam_policy_document" "bucket_policy" {
+ statement {
+ actions = ["s3:PutObject"]
+ resources = ["${aws_s3_bucket.logging_bucket.arn}/*"]
+
+ principals {
+ type = "AWS"
+ identifiers = [data.aws_elb_service_account.main.arn]
+ }
+ }
+}
+
+resource "aws_s3_bucket_policy" "bucket_policy" {
+ bucket = aws_s3_bucket.logging_bucket.id
+ policy = data.aws_iam_policy_document.bucket_policy.json
+}
diff --git a/terraform/modules/alb_logging/outputs.tf b/terraform/modules/alb_logging/outputs.tf
@@ -0,0 +1,4 @@
+output "bucket_name" {
+ description = "The name of the S3 bucket for ALB logs"
+ value = aws_s3_bucket.logging_bucket.bucket
+}
diff --git a/terraform/modules/alb_logging/variables.tf b/terraform/modules/alb_logging/variables.tf
@@ -0,0 +1,5 @@
+variable "bucket_name" {
+ description = "The name of the bucket to be created for storing ALB logs."
+ type = string
+ default = "milvus-api-alb-logs" 
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -25,4 +25,3 @@ variable "key_name" {
  # No default provided; should be specified at runtime or via terraform.tfvars for security reasons
 }
 
-