Delete bucket, policy, ALB and role, try again

terraform/modules/alb_logging/main.tf

@@ -46,108 +46,108 @@
 
 
 
-# provider "aws" {
-#  region = "us-east-1"
-# }
-
-
-# resource "aws_s3_bucket" "logging_bucket" {
-#  bucket = var.bucket_name
-# }
-
-# resource "aws_iam_role" "elb_s3_access_role" {
-#  name = "elb_s3_access_role"
-
-#  assume_role_policy = jsonencode({
-#  Version = "2012-10-17",
-#  Statement = [
-#  {
-#  Effect = "Allow",
-#  Principal = {
-#  Service = ["elasticloadbalancing.amazonaws.com"]
-#  },
-#  Action = "sts:AssumeRole",
-#  },
-#  ],
-#  })
-# }
-
-# resource "aws_iam_policy" "elb_s3_logging_policy" {
-#  name = "elb_s3_logging_policy"
-#  policy = jsonencode({
-#  Version = "2012-10-17",
-#  Statement = [
-#  {
-#  Effect = "Allow",
-#  Action = [
-#  "s3:PutObject",
-#  "s3:GetBucketAcl"
-#  ],
-#  Resource = [
-#  "${aws_s3_bucket.logging_bucket.arn}/*"
-#  ]
-#  },
-#  ],
-#  })
-# }
-
-# resource "aws_iam_role_policy_attachment" "elb_s3_logging_policy_attachment" {
-#  role = aws_iam_role.elb_s3_access_role.name
-#  policy_arn = aws_iam_policy.elb_s3_logging_policy.arn
-# }
-
-
-# resource "aws_s3_bucket_public_access_block" "elb_logs_access_block" {
-#  bucket = aws_s3_bucket.logging_bucket.id
-
-#  block_public_acls = true
-#  block_public_policy = true
-#  ignore_public_acls = true
-#  restrict_public_buckets = true
-# }
-
-
-# data "aws_iam_policy_document" "bucket_policy" {
-#  statement {
-#  actions = ["s3:*"]
-#  resources = ["${aws_s3_bucket.logging_bucket.arn}/*"]
-
-#  principals {
-#  type = "AWS"
-#  identifiers = ["arn:aws:iam::127311923021:root"] // ELB service account for US East (N. Virginia)
-#  }
-
-#  # principals {
-#  # type = "Service"
-#  # identifiers = ["elasticloadbalancing.amazonaws.com"]
-#  # }
-
-
-#  condition {
-#  test = "Null"
-#  variable = "s3:x-amz-server-side-encryption"
-#  values = ["true"]
-#  }
+provider "aws" {
+ region = "us-east-1"
+}
+
+
+resource "aws_s3_bucket" "logging_bucket" {
+ bucket = var.bucket_name
+}
+
+resource "aws_iam_role" "elb_s3_access_role" {
+ name = "elb_s3_access_role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Principal = {
+ Service = ["elasticloadbalancing.amazonaws.com"]
+ },
+ Action = "sts:AssumeRole",
+ },
+ ],
+ })
+}
+
+resource "aws_iam_policy" "elb_s3_logging_policy" {
+ name = "elb_s3_logging_policy"
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Action = [
+ "s3:PutObject",
+ "s3:GetBucketAcl"
+ ],
+ Resource = [
+ "${aws_s3_bucket.logging_bucket.arn}/*"
+ ]
+ },
+ ],
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "elb_s3_logging_policy_attachment" {
+ role = aws_iam_role.elb_s3_access_role.name
+ policy_arn = aws_iam_policy.elb_s3_logging_policy.arn
+}
+
+
+resource "aws_s3_bucket_public_access_block" "elb_logs_access_block" {
+ bucket = aws_s3_bucket.logging_bucket.id
+
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
+
+
+data "aws_iam_policy_document" "bucket_policy" {
+ statement {
+ actions = ["s3:*"]
+ resources = ["${aws_s3_bucket.logging_bucket.arn}/*"]
+
+ principals {
+ type = "AWS"
+ identifiers = ["arn:aws:iam::127311923021:root"] // ELB service account for US East (N. Virginia)
+ }
+
+ # principals {
+ # type = "Service"
+ # identifiers = ["elasticloadbalancing.amazonaws.com"]
+ # }
+
+
+ condition {
+ test = "Null"
+ variable = "s3:x-amz-server-side-encryption"
+ values = ["true"]
+ }
 
-#  condition {
-#  test = "StringEquals"
-#  variable = "s3:x-amz-acl"
-#  values = ["bucket-owner-full-control"]
-#  }
-#  }
-# }
-
-# resource "aws_s3_bucket_policy" "logging_bucket_policy" {
-#  bucket = aws_s3_bucket.logging_bucket.id
-#  policy = data.aws_iam_policy_document.bucket_policy.json
-# }
-
-# resource "aws_s3_bucket_server_side_encryption_configuration" "logging_bucket_encryption" {
-#  bucket = aws_s3_bucket.logging_bucket.id
-
-#  rule {
-#  apply_server_side_encryption_by_default {
-#  sse_algorithm = "AES256"
-#  }
-#  }
-# }
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+ values = ["bucket-owner-full-control"]
+ }
+ }
+}
+
+resource "aws_s3_bucket_policy" "logging_bucket_policy" {
+ bucket = aws_s3_bucket.logging_bucket.id
+ policy = data.aws_iam_policy_document.bucket_policy.json
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "logging_bucket_encryption" {
+ bucket = aws_s3_bucket.logging_bucket.id
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+}

terraform/modules/alb_logging/outputs.tf

@@ -1,4 +1,4 @@
-# output "bucket_name" {
-#  description = "The name of the S3 bucket for ALB logs"
-#  value = aws_s3_bucket.logging_bucket.bucket
-# }
+output "bucket_name" {
+ description = "The name of the S3 bucket for ALB logs"
+ value = aws_s3_bucket.logging_bucket.bucket
+}

terraform/modules/alb_logging/variables.tf

@@ -1,20 +1,20 @@
-# variable "bucket_name" {
-#  description = "The name of the bucket to be created for storing ALB logs."
-#  type = string
-#  default = "milvus-api-alb-logs" 
-# }
+variable "bucket_name" {
+ description = "The name of the bucket to be created for storing ALB logs."
+ type = string
+ default = "milvus-api-alb-logs" 
+}
 
 
-# # Define other variables expected by the module here. For example:
+# Define other variables expected by the module here. For example:
 
-#  variable "region" {
-#  description = "The AWS region where logs will be stored."
-#  type = string
-#  default = "us-east-1"
-#  }
+ variable "region" {
+ description = "The AWS region where logs will be stored."
+ type = string
+ default = "us-east-1"
+ }
 
-#  variable "alb_log_prefix" {
-#  description = "The prefix for ALB log files."
-#  type = string
-#  default = "logs/AWSLogs/"
-#  }
+ variable "alb_log_prefix" {
+ description = "The prefix for ALB log files."
+ type = string
+ default = "logs/AWSLogs/"
+ }