From 2b8a583027af47d28031ac0fbce691277a433d46 Mon Sep 17 00:00:00 2001 From: Francisco Rivera Date: Sun, 12 Mar 2023 14:10:23 -0300 Subject: [PATCH 1/9] EKS ALB access logs --- .../k8s-components/networking-ingress.tf | 2 ++ config/common-variables.tf | 6 +++++ security/us-east-1/security-audit/logs.tf | 23 +++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 security/us-east-1/security-audit/logs.tf diff --git a/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf b/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf index 514b4f974..5209bdbae 100644 --- a/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf +++ b/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf @@ -82,6 +82,8 @@ resource "kubernetes_ingress_v1" "apps" { # Filter traffic by IP addresses # NOTE: this is highly recommended when using an internet-facing ALB "alb.ingress.kubernetes.io/inbound-cidrs" = "0.0.0.0/0" + # ALB access logs + alb.ingress.kubernetes.io/load-balancer-attributes = "access_logs.s3.enabled=${var.eks_alb_logging},access_logs.s3.bucket=${var.project}-${var.environment}-alb-logs,access_logs.s3.prefix=eks-cluster-ingress" } } diff --git a/config/common-variables.tf b/config/common-variables.tf index fd34a0be6..ba88e9440 100644 --- a/config/common-variables.tf +++ b/config/common-variables.tf @@ -136,3 +136,9 @@ variable "enable_inspector" { type = bool default = false } + +variable "eks_alb_logging" { + description = "Turn EKS ALB logging on" + type = bool + default = false +} diff --git a/security/us-east-1/security-audit/logs.tf b/security/us-east-1/security-audit/logs.tf new file mode 100644 index 000000000..86d8fe97a --- /dev/null +++ b/security/us-east-1/security-audit/logs.tf 
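Review bot: The bucket name in the added `access_logs.s3.bucket=${var.project}-${var.environment}-alb-logs` attribute is rebuilt by string interpolation rather than taken from the `s3_bucket_alb_logs` module this same patch adds in `logs.tf`, so nothing ties the load balancer to a bucket this project created. S3 bucket names are global, and the two strings agree only if `project` and `environment` resolve identically in the ingress layer and the bucket layer. Consider exporting the bucket id from the logs layer and reading it here through remote state, so a mismatch fails at plan time instead of at load-balancer reconciliation. The same interpolation is repeated in the demoapps ingress hunk of patch 5/9 and survives patches 7/9 and 8/9. The `kubernetes_ingress_v1.apps` resource begins outside the hunk.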
@@ -0,0 +1,23 @@ +module "s3_bucket_alb_logs" { + source = "github.com/binbashar/terraform-aws-s3-bucket.git?ref=v3.7.0" + count = var.eks_alb_logging ? 1 : 0 + + bucket = "${var.project}-${var.environment}-alb-logs" + acl = "log-delivery-write" + + versioning = { + enabled = true + } + + # Allow deletion of non-empty bucket + force_destroy = true + + attach_elb_log_delivery_policy = true # Required for ALB logs + attach_lb_log_delivery_policy = true # Required for ALB/NLB logs + + # S3 bucket-level Public Access Block configuration + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} From b7a066353d7ed7e260a63c67c2f7720f002d09de Mon Sep 17 00:00:00 2001 From: Francisco Rivera Date: Wed, 29 Mar 2023 16:37:34 -0300 Subject: [PATCH 2/9] bucket must be on the same account --- apps-devstg/us-east-1/k8s-eks/cluster/config.tf | 2 +- .../us-east-1/k8s-eks/k8s-components/networking-ingress.tf | 2 +- .../us-east-1/k8s-eks/k8s-components/terraform.tfvars | 1 + apps-devstg/us-east-1/k8s-eks/k8s-components/variables.tf | 6 ++++++ {security => apps-devstg}/us-east-1/security-audit/logs.tf | 1 - config/common-variables.tf | 6 ------ 6 files changed, 9 insertions(+), 9 deletions(-) rename {security => apps-devstg}/us-east-1/security-audit/logs.tf (94%) diff --git a/apps-devstg/us-east-1/k8s-eks/cluster/config.tf b/apps-devstg/us-east-1/k8s-eks/cluster/config.tf index 43331131a..e7a7f7805 100644 --- a/apps-devstg/us-east-1/k8s-eks/cluster/config.tf +++ b/apps-devstg/us-east-1/k8s-eks/cluster/config.tf @@ -16,7 +16,7 @@ provider "kubernetes" { # Backend Config (partial) # terraform { - required_version = "~> 1.1.3" + required_version = "~> 1.2.7" required_providers { aws = "~> 4.10" diff --git a/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf b/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf index 5209bdbae..c78070ce5 100644 
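Review bot: `force_destroy = true` means a `terraform destroy`, or flipping the `count` flag back to false, deletes every stored access log, including the object versions that `versioning` keeps, which undercuts the purpose of a bucket in the `security-audit` layer. For a log bucket I would set `force_destroy = false`, or put it behind a variable that defaults to false. Separately, `acl = "log-delivery-write"` grants the S3 log-delivery group, which is the mechanism for S3 server access logging. ALB delivery is authorised by the two `attach_*_log_delivery_policy` flags, as the hunk's own comments say, so the ACL looks unnecessary here. The hunk sets no encryption or lifecycle/retention arguments; whether the module at `ref=v3.7.0` supplies defaults is not visible on this page and is worth confirming.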
--- a/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf +++ b/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf @@ -83,7 +83,7 @@ resource "kubernetes_ingress_v1" "apps" { # NOTE: this is highly recommended when using an internet-facing ALB "alb.ingress.kubernetes.io/inbound-cidrs" = "0.0.0.0/0" # ALB access logs - alb.ingress.kubernetes.io/load-balancer-attributes = "access_logs.s3.enabled=${var.eks_alb_logging},access_logs.s3.bucket=${var.project}-${var.environment}-alb-logs,access_logs.s3.prefix=eks-cluster-ingress" + "alb.ingress.kubernetes.io/load-balancer-attributes" = "access_logs.s3.enabled=${var.enable_eks_alb_logging},access_logs.s3.bucket=${var.project}-${var.environment}-alb-logs,access_logs.s3.prefix=eks-cluster-ingress" } } diff --git a/apps-devstg/us-east-1/k8s-eks/k8s-components/terraform.tfvars b/apps-devstg/us-east-1/k8s-eks/k8s-components/terraform.tfvars index f5dd74cb3..2fd6677f1 100644 --- a/apps-devstg/us-east-1/k8s-eks/k8s-components/terraform.tfvars +++ b/apps-devstg/us-east-1/k8s-eks/k8s-components/terraform.tfvars @@ -8,6 +8,7 @@ apps_ingress = { # Load balancer type: internet-facing or internal type = "internal" } +enable_eks_alb_logging = true #------------------------------------------------------------------------------ # Certificate Manager diff --git a/apps-devstg/us-east-1/k8s-eks/k8s-components/variables.tf b/apps-devstg/us-east-1/k8s-eks/k8s-components/variables.tf index 532d7c181..b2ef31809 100644 --- a/apps-devstg/us-east-1/k8s-eks/k8s-components/variables.tf +++ b/apps-devstg/us-east-1/k8s-eks/k8s-components/variables.tf @@ -111,6 +111,12 @@ variable "enable_backups" { default = false } +variable "enable_eks_alb_logging" { + description = "Turn EKS ALB logging on" + type = bool + default = false +} + #==================================# # Ingress Monitor Controller (IMC) # #==================================# 
diff --git a/security/us-east-1/security-audit/logs.tf b/apps-devstg/us-east-1/security-audit/logs.tf similarity index 94% rename from security/us-east-1/security-audit/logs.tf rename to apps-devstg/us-east-1/security-audit/logs.tf index 86d8fe97a..668786cb5 100644 --- a/security/us-east-1/security-audit/logs.tf +++ b/apps-devstg/us-east-1/security-audit/logs.tf @@ -1,6 +1,5 @@ module "s3_bucket_alb_logs" { source = "github.com/binbashar/terraform-aws-s3-bucket.git?ref=v3.7.0" - count = var.eks_alb_logging ? 1 : 0 bucket = "${var.project}-${var.environment}-alb-logs" acl = "log-delivery-write" diff --git a/config/common-variables.tf b/config/common-variables.tf index ba88e9440..fd34a0be6 100644 --- a/config/common-variables.tf +++ b/config/common-variables.tf @@ -136,9 +136,3 @@ variable "enable_inspector" { type = bool default = false } - -variable "eks_alb_logging" { - description = "Turn EKS ALB logging on" - type = bool - default = false -} From 7cba428639f3f6006c8cc74659bdcdc06d07e459 Mon Sep 17 00:00:00 2001 From: Francisco Rivera Date: Wed, 29 Mar 2023 16:41:19 -0300 Subject: [PATCH 3/9] disabled by default --- apps-devstg/us-east-1/k8s-eks/k8s-components/terraform.tfvars | 1 - 1 file changed, 1 deletion(-) diff --git a/apps-devstg/us-east-1/k8s-eks/k8s-components/terraform.tfvars b/apps-devstg/us-east-1/k8s-eks/k8s-components/terraform.tfvars index 2fd6677f1..f5dd74cb3 100644 --- a/apps-devstg/us-east-1/k8s-eks/k8s-components/terraform.tfvars +++ b/apps-devstg/us-east-1/k8s-eks/k8s-components/terraform.tfvars @@ -8,7 +8,6 @@ apps_ingress = { # Load balancer type: internet-facing or internal type = "internal" } -enable_eks_alb_logging = true #------------------------------------------------------------------------------ # Certificate Manager From f8722d095787bf2dff0e6dd661e2738cdd02d767 Mon Sep 17 00:00:00 2001 
From: Francisco Rivera Date: Wed, 29 Mar 2023 17:02:18 -0300 Subject: [PATCH 4/9] terraform fmt --- apps-devstg/us-east-1/security-audit/logs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps-devstg/us-east-1/security-audit/logs.tf b/apps-devstg/us-east-1/security-audit/logs.tf index 668786cb5..e18791d00 100644 --- a/apps-devstg/us-east-1/security-audit/logs.tf +++ b/apps-devstg/us-east-1/security-audit/logs.tf @@ -11,8 +11,8 @@ module "s3_bucket_alb_logs" { # Allow deletion of non-empty bucket force_destroy = true - attach_elb_log_delivery_policy = true # Required for ALB logs - attach_lb_log_delivery_policy = true # Required for ALB/NLB logs + attach_elb_log_delivery_policy = true # Required for ALB logs + attach_lb_log_delivery_policy = true # Required for ALB/NLB logs # S3 bucket-level Public Access Block configuration block_public_acls = true From 235356dc291baeaf2bee7d36d59b7e7caa3bb764 Mon Sep 17 00:00:00 2001 From: Francisco Rivera Date: Wed, 29 Mar 2023 18:30:43 -0300 Subject: [PATCH 5/9] demoapps alb logs --- .../k8s-eks-demoapps/k8s-components/.terraform.lock.hcl | 7 +++++++ .../k8s-eks-demoapps/k8s-components/networking-ingress.tf | 2 ++ .../us-east-1/k8s-eks-demoapps/k8s-components/variables.tf | 6 ++++++ 3 files changed, 15 insertions(+) diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/.terraform.lock.hcl b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/.terraform.lock.hcl index 60d495c43..2e86e5456 100644 --- a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/.terraform.lock.hcl +++ b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/.terraform.lock.hcl @@ -60,3 +60,10 @@ provider "registry.terraform.io/hashicorp/kubernetes" { "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.1" + hashes = [ + "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", + ] +} 
diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/networking-ingress.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/networking-ingress.tf index d36ba9492..31f37d713 100644 --- a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/networking-ingress.tf +++ b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/networking-ingress.tf @@ -82,6 +82,8 @@ resource "kubernetes_ingress_v1" "apps" { # Filter traffic by IP addresses # NOTE: this is highly recommended when using an internet-facing ALB "alb.ingress.kubernetes.io/inbound-cidrs" = "0.0.0.0/0" + # ALB access logs + "alb.ingress.kubernetes.io/load-balancer-attributes" = "access_logs.s3.enabled=${var.enable_eks_alb_logging},access_logs.s3.bucket=${var.project}-${var.environment}-alb-logs,access_logs.s3.prefix=eks-cluster-demoapps-ingress" } } diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf index 18ba1ea15..9b242913a 100644 --- a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf +++ b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf @@ -121,6 +121,12 @@ variable "enable_backups" { default = false } +variable "enable_eks_alb_logging" { + description = "Turn EKS ALB logging on" + type = bool + default = false +} + #==================================# # Ingress Monitor Controller (IMC) # #==================================# From 871a9f93026d8dbe1656369a5a9e7543e0c8c8be Mon Sep 17 00:00:00 2001 From: Francisco Rivera Date: Thu, 30 Mar 2023 14:12:09 -0300 Subject: [PATCH 6/9] Apply suggestions from code review Co-authored-by: Diego OJeda (BinBash) <38356409+diego-ojeda-binbash@users.noreply.github.com> --- apps-devstg/us-east-1/k8s-eks/cluster/config.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps-devstg/us-east-1/k8s-eks/cluster/config.tf b/apps-devstg/us-east-1/k8s-eks/cluster/config.tf index e7a7f7805..ca05f7e9b 100644 
--- a/apps-devstg/us-east-1/k8s-eks/cluster/config.tf +++ b/apps-devstg/us-east-1/k8s-eks/cluster/config.tf @@ -16,7 +16,7 @@ provider "kubernetes" { # Backend Config (partial) # terraform { - required_version = "~> 1.2.7" + required_version = "~> 1.2" required_providers { aws = "~> 4.10" From 00903f34dd954b4686c89df81b9218e7f5fa7114 Mon Sep 17 00:00:00 2001 From: Francisco Rivera Date: Thu, 30 Mar 2023 15:46:52 -0300 Subject: [PATCH 7/9] feedback --- .../us-east-1/k8s-eks/identities/ids_external_secrets.tf | 4 ++-- apps-devstg/us-east-1/k8s-eks/k8s-components/locals.tf | 1 + .../us-east-1/k8s-eks/k8s-components/networking-ingress.tf | 2 +- apps-devstg/us-east-1/k8s-eks/k8s-components/variables.tf | 6 ++++++ apps-devstg/us-east-1/security-audit/logs.tf | 1 + apps-devstg/us-east-1/security-audit/variables.tf | 5 +++++ apps-devstg/us-east-1/security-certs/outputs.tf | 2 +- 7 files changed, 17 insertions(+), 4 deletions(-) diff --git a/apps-devstg/us-east-1/k8s-eks/identities/ids_external_secrets.tf b/apps-devstg/us-east-1/k8s-eks/identities/ids_external_secrets.tf index da60d9f48..43e752568 100644 --- a/apps-devstg/us-east-1/k8s-eks/identities/ids_external_secrets.tf +++ b/apps-devstg/us-east-1/k8s-eks/identities/ids_external_secrets.tf @@ -51,7 +51,7 @@ resource "aws_iam_policy" "external_secrets_secrets_manager" { "kms:DescribeKey" ], "Resource": [ - "${data.terraform_remote_state.shared.outputs.aws_kms_key_arn}" + "${data.terraform_remote_state.shared-keys.outputs.aws_kms_key_arn}" ] } ] @@ -85,7 +85,7 @@ resource "aws_iam_policy" "external_secrets_parameter_store" { "kms:DescribeKey" ], "Resource": [ - "${data.terraform_remote_state.shared.outputs.aws_kms_key_arn}" + "${data.terraform_remote_state.shared-keys.outputs.aws_kms_key_arn}" ] } ] diff --git a/apps-devstg/us-east-1/k8s-eks/k8s-components/locals.tf b/apps-devstg/us-east-1/k8s-eks/k8s-components/locals.tf index 57f37e230..c79330aaa 100644 --- a/apps-devstg/us-east-1/k8s-eks/k8s-components/locals.tf 
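Review bot: Both `Resource` entries in `ids_external_secrets.tf` now read the KMS key ARN from `data.terraform_remote_state.shared-keys`, but no file in this patch declares or renames that data source, so from what is visible the reference may not resolve, or may resolve to a different key than before. This matters because the ARN scopes the KMS statement in `external_secrets_secrets_manager` and, in the second hunk at line 85, in `external_secrets_parameter_store`. Please confirm that `shared-keys` is declared in the identities layer and that its `aws_kms_key_arn` output is the key the secrets are actually encrypted with. The change is unrelated to ALB logging and would be easier to audit as its own commit. Both policy documents start and end outside the hunks.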
+++ b/apps-devstg/us-east-1/k8s-eks/k8s-components/locals.tf @@ -45,4 +45,5 @@ locals { alb_ingress_to_nginx_ingress_tags_list = [ for k, v in local.alb_ingress_to_nginx_ingress_tags_map : "${k}=${v}" ] + eks_alb_logging_prefix = var.eks_alb_logging_prefix != "" ? var.eks_alb_logging_prefix : data.terraform_remote_state.eks-cluster.outputs.cluster_name } diff --git a/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf b/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf index c78070ce5..60a4101eb 100644 --- a/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf +++ b/apps-devstg/us-east-1/k8s-eks/k8s-components/networking-ingress.tf @@ -83,7 +83,7 @@ resource "kubernetes_ingress_v1" "apps" { # NOTE: this is highly recommended when using an internet-facing ALB "alb.ingress.kubernetes.io/inbound-cidrs" = "0.0.0.0/0" # ALB access logs - "alb.ingress.kubernetes.io/load-balancer-attributes" = "access_logs.s3.enabled=${var.enable_eks_alb_logging},access_logs.s3.bucket=${var.project}-${var.environment}-alb-logs,access_logs.s3.prefix=eks-cluster-ingress" + "alb.ingress.kubernetes.io/load-balancer-attributes" = "access_logs.s3.enabled=${var.enable_eks_alb_logging},access_logs.s3.bucket=${var.project}-${var.environment}-alb-logs,access_logs.s3.prefix=${local.eks_alb_logging_prefix}" } } diff --git a/apps-devstg/us-east-1/k8s-eks/k8s-components/variables.tf b/apps-devstg/us-east-1/k8s-eks/k8s-components/variables.tf index b2ef31809..60554939f 100644 --- a/apps-devstg/us-east-1/k8s-eks/k8s-components/variables.tf +++ b/apps-devstg/us-east-1/k8s-eks/k8s-components/variables.tf @@ -117,6 +117,12 @@ variable "enable_eks_alb_logging" { default = false } +variable "eks_alb_logging_prefix" { + description = "Turn EKS ALB logging on" + type = string + default = "" +} + #==================================# # Ingress Monitor Controller (IMC) # #==================================# 
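Review bot: `eks_alb_logging_prefix` in the `variables.tf` hunk is spliced unvalidated into the comma-separated `load-balancer-attributes` annotation through `local.eks_alb_logging_prefix`, so a value containing `,` or `=` would be read as extra load-balancer attributes rather than as part of the S3 prefix. A `validation` block on the variable would reject that at plan time, for example with `condition = can(regex("^[A-Za-z0-9/_.-]*$", var.eks_alb_logging_prefix))`. The `description` is also copied from the flag above it; `description = "S3 key prefix for ALB access logs; defaults to the cluster name when empty"` matches what the `locals.tf` hunk does. The same variable block is added for demoapps in patch 8/9 and needs the same two changes.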
diff --git a/apps-devstg/us-east-1/security-audit/logs.tf b/apps-devstg/us-east-1/security-audit/logs.tf index e18791d00..6f610155f 100644 --- a/apps-devstg/us-east-1/security-audit/logs.tf +++ b/apps-devstg/us-east-1/security-audit/logs.tf @@ -1,5 +1,6 @@ module "s3_bucket_alb_logs" { source = "github.com/binbashar/terraform-aws-s3-bucket.git?ref=v3.7.0" + count = var.create_alb_logs_bucket ? 1 : 0 bucket = "${var.project}-${var.environment}-alb-logs" acl = "log-delivery-write" diff --git a/apps-devstg/us-east-1/security-audit/variables.tf b/apps-devstg/us-east-1/security-audit/variables.tf index 18780deea..6c29f42a4 100644 --- a/apps-devstg/us-east-1/security-audit/variables.tf +++ b/apps-devstg/us-east-1/security-audit/variables.tf @@ -18,3 +18,8 @@ variable "metrics" { description = "Metrics definitions" default = {} } + +variable "create_alb_logs_bucket" { + type = bool + default = false +} diff --git a/apps-devstg/us-east-1/security-certs/outputs.tf b/apps-devstg/us-east-1/security-certs/outputs.tf index 10533969f..802f203e9 100644 --- a/apps-devstg/us-east-1/security-certs/outputs.tf +++ b/apps-devstg/us-east-1/security-certs/outputs.tf @@ -4,4 +4,4 @@ output "certificate_arn" { description = "The certificate ARN" value = aws_acm_certificate.main.arn -} \ No newline at end of file +} From f2a922894ce8d10b6b9b1c94f036a13d52e0f463 Mon Sep 17 00:00:00 2001 From: Francisco Rivera Date: Thu, 30 Mar 2023 15:50:49 -0300 Subject: [PATCH 8/9] consider demoapps too --- .../us-east-1/k8s-eks-demoapps/k8s-components/locals.tf | 1 + .../k8s-eks-demoapps/k8s-components/networking-ingress.tf | 2 +- .../us-east-1/k8s-eks-demoapps/k8s-components/variables.tf | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/locals.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/locals.tf index 7a4db9ce6..599df6ef3 100644 --- a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/locals.tf 
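Review bot: `create_alb_logs_bucket` in the `security-audit/variables.tf` hunk is added without a `description`, and nothing records that it is independent of `enable_eks_alb_logging` in the k8s-components layers. Both default to `false`, so turning on logging in an ingress layer while this flag is still off points the load balancer at a bucket this layer never created. I would add `description = "Create the S3 bucket that receives ALB access logs; must be true before enable_eks_alb_logging is set in the EKS k8s-components layers"`.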
+++ b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/locals.tf @@ -55,4 +55,5 @@ locals { alb_ingress_to_nginx_ingress_tags_list = [ for k, v in local.alb_ingress_to_nginx_ingress_tags_map : "${k}=${v}" ] + eks_alb_logging_prefix = var.eks_alb_logging_prefix != "" ? var.eks_alb_logging_prefix : data.terraform_remote_state.cluster.outputs.cluster_name } diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/networking-ingress.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/networking-ingress.tf index 31f37d713..cb9f1e394 100644 --- a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/networking-ingress.tf +++ b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/networking-ingress.tf @@ -83,7 +83,7 @@ resource "kubernetes_ingress_v1" "apps" { # NOTE: this is highly recommended when using an internet-facing ALB "alb.ingress.kubernetes.io/inbound-cidrs" = "0.0.0.0/0" # ALB access logs - "alb.ingress.kubernetes.io/load-balancer-attributes" = "access_logs.s3.enabled=${var.enable_eks_alb_logging},access_logs.s3.bucket=${var.project}-${var.environment}-alb-logs,access_logs.s3.prefix=eks-cluster-demoapps-ingress" + "alb.ingress.kubernetes.io/load-balancer-attributes" = "access_logs.s3.enabled=${var.enable_eks_alb_logging},access_logs.s3.bucket=${var.project}-${var.environment}-alb-logs,access_logs.s3.prefix=${local.eks_alb_logging_prefix}" } } diff --git a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf index 1804d8694..2c295d2aa 100644 --- a/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf +++ b/apps-devstg/us-east-1/k8s-eks-demoapps/k8s-components/variables.tf 
@@ -127,6 +127,12 @@ variable "enable_eks_alb_logging" { default = false } +variable "eks_alb_logging_prefix" { + description = "Turn EKS ALB logging on" + type = string + default = "" +} + #==================================# # Ingress Monitor Controller (IMC) # #==================================# From 566761d4c0cdf615089a923b8e967d3fc38aae93 Mon Sep 17 00:00:00 2001 From: Francisco Rivera Date: Thu, 30 Mar 2023 15:58:24 -0300 Subject: [PATCH 9/9] fmt --- apps-devstg/us-east-1/security-audit/logs.tf | 2 +- apps-devstg/us-east-1/security-audit/variables.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps-devstg/us-east-1/security-audit/logs.tf b/apps-devstg/us-east-1/security-audit/logs.tf index 6f610155f..ecc92feb0 100644 --- a/apps-devstg/us-east-1/security-audit/logs.tf +++ b/apps-devstg/us-east-1/security-audit/logs.tf @@ -1,6 +1,6 @@ module "s3_bucket_alb_logs" { source = "github.com/binbashar/terraform-aws-s3-bucket.git?ref=v3.7.0" - count = var.create_alb_logs_bucket ? 1 : 0 + count = var.create_alb_logs_bucket ? 1 : 0 bucket = "${var.project}-${var.environment}-alb-logs" acl = "log-delivery-write" diff --git a/apps-devstg/us-east-1/security-audit/variables.tf b/apps-devstg/us-east-1/security-audit/variables.tf index 6c29f42a4..bbf09bd06 100644 --- a/apps-devstg/us-east-1/security-audit/variables.tf +++ b/apps-devstg/us-east-1/security-audit/variables.tf @@ -20,6 +20,6 @@ variable "metrics" { } variable "create_alb_logs_bucket" { - type = bool - default = false + type = bool + default = false }