Merge pull request #239 from dchernivetsky/master

addresses #238
hashicorp · Apr 8, 2021 · 2a67b66 · 2a67b66
2 parents 656eb49 + cb60fa2
commit 2a67b66
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/modules/vault-elb/main.tf b/modules/vault-elb/main.tf
@@ -24,6 +24,18 @@ resource "aws_elb" "vault" {
   security_groups = [aws_security_group.vault.id]
   subnets         = var.subnet_ids
 
+  # optional access_logs creation  
+  dynamic "access_logs" {
+    for_each = var.access_logs == null ? [] : ["once"]
+
+    content {
+      enabled       = lookup(access_logs.value, "enabled", lookup(access_logs.value, "bucket", null))
+      bucket        = lookup(access_logs.value, "bucket", null)
+      bucket_prefix = lookup(access_logs.value, "bucket_prefix", null)
+      interval      = lookup(access_logs.value, "interval", null)
+    }
+  }
+
   # Run the ELB in TCP passthrough mode
   listener {
     lb_port           = var.lb_port
@@ -111,4 +123,3 @@ resource "aws_route53_record" "vault_elb" {
     evaluate_target_health = false
   }
 }
-
diff --git a/modules/vault-elb/variables.tf b/modules/vault-elb/variables.tf
@@ -25,6 +25,20 @@ variable "vault_asg_name" {
 # These parameters have reasonable defaults.
 # ---------------------------------------------------------------------------------------------------------------------
 
+# Due to terraform type limitations this variable is set to be any.
+# In reality it is a map of mixed parameters, some of them are booleans, some ints.
+#  access_logs = {
+#    enabled       = true             # optional
+#    bucket        = "s3_bucket_name" # mandatory
+#    bucket_prefix = "alb"            # optional
+#    interval      = 60               # optional
+#  }
+variable "access_logs" {
+  description = "If specified, enables access logging for the ELB. This variable should be set to a map with the same keys and values as in the access_log block of the aws_elb resource (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elb), including bucket, bucket_prefix, interval, and enabled."
+  type        = any
+  default     = null
+}
+
 variable "subnet_ids" {
   description = "The subnet IDs into which the ELB should be deployed. You will typically want to deploy the ELB into public subnets so your Vault cluster can run in private subnets."
   type        = list(string)
@@ -126,4 +140,3 @@ variable "security_group_tags" {
   type        = map(string)
   default     = {}
 }
-