ALB Logging Addon
This addon creates ALB logging bucket(s) in S3 and, optionally, an Athena database for those logs.
Example Configuration
This assumes your fleet module is `main` and is configured with its default documentation.
See https://github.com/fleetdm/fleet/blob/main/terraform/example/main.tf for details.
# Fleet root module, wired so that ALB access logs go to the bucket created by
# the logging_alb addon. module.acm, random_pet.main and module.firehose-logging
# are not declared in this snippet and must exist elsewhere in the configuration.
module "main" {
  # NOTE(review): ref=main tracks a moving branch; pinning ref to a release tag
  # or commit SHA keeps the applied code reviewable and reproducible.
  source = "github.com/fleetdm/fleet//terraform?ref=main"
  certificate_arn = module.acm.acm_certificate_arn
  vpc = {
    name = random_pet.main.id
  }
  fleet_config = {
    # NOTE(review): these two values come from a "firehose-logging" module, not
    # from the ALB logging addon shown here - confirm that module is declared.
    extra_environment_variables = module.firehose-logging.fleet_extra_environment_variables
    extra_iam_policies = module.firehose-logging.fleet_extra_iam_policies
  }
  alb_config = {
    # Turn on ALB access logging and deliver it to the addon's S3 bucket.
    access_logs = {
      bucket = module.logging_alb.log_s3_bucket_id
      prefix = "fleet"
      enabled = true
    }
  }
}
# ALB logging addon: creates the S3 log bucket whose id is exported as
# log_s3_bucket_id and consumed by alb_config.access_logs in module "main".
module "logging_alb" {
  # NOTE(review): ref=main tracks a moving branch; pinning ref to a release tag
  # or commit SHA keeps the applied code reviewable and reproducible.
  source = "github.com/fleetdm/fleet//terraform/addons/logging-alb?ref=main"
  prefix = "fleet"
  # Also create the optional Athena database for querying the logs.
  enable_athena = true
}
Additional Information
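Once this Terraform configuration is applied, the Athena table still needs to be created. See https://docs.aws.amazon.com/athena/latest/ug/application-load-balancer-logs.html for help with creating the table. ALB access logs record client IP addresses and request URLs, so limit read access to the log bucket and to Athena query results to those who need it.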
For this implementation, the S3 location used in the `CREATE TABLE` query should follow this pattern:
s3://your-alb-logs-bucket/<PREFIX>/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION>/
Requirements
No requirements.
Providers
Name | Version |
---|---|
aws | 5.25.0 |
Modules
Name | Source | Version |
---|---|---|
athena-s3-bucket | terraform-aws-modules/s3-bucket/aws | 3.15.1 |
s3_bucket_for_logs | terraform-aws-modules/s3-bucket/aws | 3.15.1 |
Resources
Name | Type |
---|---|
aws_athena_database.logs | resource |
aws_athena_workgroup.logs | resource |
aws_kms_alias.logs_alias | resource |
aws_kms_key.logs | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.kms | data source |
aws_iam_policy_document.s3_athena_bucket | data source |
aws_iam_policy_document.s3_log_bucket | data source |
aws_region.current | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
enable_athena | n/a | bool | true | no |
extra_kms_policies | n/a | list(any) | [] | no |
extra_s3_athena_policies | n/a | list(any) | [] | no |
extra_s3_log_policies | n/a | list(any) | [] | no |
prefix | n/a | string | "fleet" | no |
s3_expiration_days | n/a | number | 90 | no |
s3_newer_noncurrent_versions | n/a | number | 5 | no |
s3_noncurrent_version_expiration_days | n/a | number | 30 | no |
s3_transition_days | n/a | number | 30 | no |
Outputs
Name | Description |
---|---|
log_s3_bucket_id | n/a |