Merge pull request #145 from CBIIT/access_logs_update

updated access logs in destination for alb
CBIIT · Aug 17, 2023 · 1c2893c · 1c2893c
2 parents a608eaa + 0e3820e
commit 1c2893c
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 5 deletions.
diff --git a/terraform/modules/loadbalancer/README.md b/terraform/modules/loadbalancer/README.md
@@ -30,11 +30,12 @@ No modules.
 | <a name="input_alb_certificate_arn"></a> [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | arn for the ssl cert | `string` | n/a | yes |
 | <a name="input_alb_default_message"></a> [alb\_default\_message](#input\_alb\_default\_message) | default message response from alb when resource is not available | `string` | `"The requested resource is not found"` | no |
 | <a name="input_alb_internal"></a> [alb\_internal](#input\_alb\_internal) | is this alb internal? | `bool` | `false` | no |
-| <a name="input_alb_log_bucket_name"></a> [alb\_log\_bucket\_name](#input\_alb\_log\_bucket\_name) | s3 | `string` | n/a | yes |
-| <a name="input_alb_ssl_policy"></a> [alb\_ssl\_policy](#input\_alb\_ssl\_policy) | specify ssl policy to use | `string` | `"ELBSecurityPolicy-TLS-1-2-Ext-2018-06"` | no |
+| <a name="input_alb_log_bucket_name"></a> [alb\_log\_bucket\_name](#input\_alb\_log\_bucket\_name) | s3 | `string` | `"ctos-nonprod-manager-alb-logs"` | no |
+| <a name="input_alb_ssl_policy"></a> [alb\_ssl\_policy](#input\_alb\_ssl\_policy) | specify ssl policy to use | `string` | `"ELBSecurityPolicy-TLS13-1-2-2021-06"` | no |
 | <a name="input_alb_subnet_ids"></a> [alb\_subnet\_ids](#input\_alb\_subnet\_ids) | list of subnets to use for the alb | `list(string)` | n/a | yes |
 | <a name="input_alb_type"></a> [alb\_type](#input\_alb\_type) | Type of loadbalancer | `string` | `"application"` | no |
 | <a name="input_env"></a> [env](#input\_env) | name of the environment to provision | `string` | n/a | yes |
+| <a name="input_program"></a> [program](#input\_program) | the program associated with the application | `string` | n/a | yes |
 | <a name="input_resource_prefix"></a> [resource\_prefix](#input\_resource\_prefix) | the prefix to add when creating resources | `string` | n/a | yes |
 | <a name="input_stack_name"></a> [stack\_name](#input\_stack\_name) | name of the project | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | tags to associate with this instance | `map(string)` | n/a | yes |

diff --git a/terraform/modules/loadbalancer/main.tf b/terraform/modules/loadbalancer/main.tf
@@ -10,9 +10,9 @@ resource "aws_lb" "alb" {
   desync_mitigation_mode     = "strictest"
 
   access_logs {
-    bucket  = var.alb_log_bucket_name
-    prefix  = "alb-logs"
     enabled = true
+    bucket  = var.alb_log_bucket_name
+    prefix  = "${var.program}/${var.env}/${var.stack_name}/alb-access-logs"
   }
 
   timeouts {

diff --git a/terraform/modules/loadbalancer/variables.tf b/terraform/modules/loadbalancer/variables.tf
@@ -13,6 +13,17 @@ variable "stack_name" {
   type        = string
 }
 
+variable "program" {
+  type        = string
+  description = "the program associated with the application"
+  sensitive   = false
+
+  validation {
+    condition     = contains(["crdc", "ccdi", "ctos", "fnl"], var.program)
+    error_message = "valid values for program are 'crdc', 'ccdi', 'fnl' and 'ctos'"
+  }
+}
+
 variable "alb_type" {
   description = "Type of loadbalancer"
   type        = string
@@ -27,7 +38,7 @@ variable "alb_internal" {
 
 variable "alb_ssl_policy" {
   description = "specify ssl policy to use"
-  default     = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
+  default     = "ELBSecurityPolicy-TLS13-1-2-2021-06"
   type        = string
 }
 
@@ -59,5 +70,6 @@ variable "alb_subnet_ids" {
 variable "alb_log_bucket_name" {
   description = "s3"
   type        = string
+  default     = "ctos-nonprod-manager-alb-logs"
 }