From 940619bceb30835a6d09abbd58eb4445686ee452 Mon Sep 17 00:00:00 2001
From: ramancloudsmartz <77831693+ramancloudsmartz@users.noreply.github.com>
Date: Tue, 8 Jun 2021 02:19:46 +0530
Subject: [PATCH] feat(elb): set accessLoggingPolicy property with L2
 LoadBalancer (#14983)

Using cdk we can enable access logs for elb.Loadbalancer
fixes #14972

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .../lib/load-balancer.ts                      | 15 ++++++
 .../test/loadbalancer.test.ts                 | 46 +++++++++++++++++++
 2 files changed, 61 insertions(+)

diff --git a/packages/@aws-cdk/aws-elasticloadbalancing/lib/load-balancer.ts b/packages/@aws-cdk/aws-elasticloadbalancing/lib/load-balancer.ts
index d60d91e0a9a51..e4029c9dc55c6 100644
--- a/packages/@aws-cdk/aws-elasticloadbalancing/lib/load-balancer.ts
+++ b/packages/@aws-cdk/aws-elasticloadbalancing/lib/load-balancer.ts
@@ -71,6 +71,17 @@ export interface LoadBalancerProps {
    * @default - Public subnets if internetFacing, Private subnets otherwise
    */
   readonly subnetSelection?: SubnetSelection;
+
+  /**
+   * Enable Loadbalancer access logs
+   * Can be used to avoid manual work as aws console
+   * Required S3 bucket name , enabled flag
+   * Can add interval for pushing log
+   * Can set bucket prefix in order to provide folder name inside bucket
+   * @default - disabled
+   */
+  readonly accessLoggingPolicy?: CfnLoadBalancer.AccessLoggingPolicyProperty;
+
 }
 
 /**
@@ -262,6 +273,10 @@ export class LoadBalancer extends Resource implements IConnectable {
       this.elb.node.addDependency(selectedSubnets.internetConnectivityEstablished);
     }
 
+    if (props.accessLoggingPolicy !== undefined) {
+      this.elb.accessLoggingPolicy = props.accessLoggingPolicy;
+    }
+
     ifUndefined(props.listeners, []).forEach(b => this.addListener(b));
     ifUndefined(props.targets, []).forEach(t => this.addTarget(t));
   }
diff --git a/packages/@aws-cdk/aws-elasticloadbalancing/test/loadbalancer.test.ts b/packages/@aws-cdk/aws-elasticloadbalancing/test/loadbalancer.test.ts
index 9cac87e057e87..aa6c1c8b88ad0 100644
--- a/packages/@aws-cdk/aws-elasticloadbalancing/test/loadbalancer.test.ts
+++ b/packages/@aws-cdk/aws-elasticloadbalancing/test/loadbalancer.test.ts
@@ -249,6 +249,52 @@ describe('tests', () => {
         sslCertificateId: sslCertificateArn,
       })).toThrow(/"sslCertificateId" is deprecated, please use "sslCertificateArn" only./);
   });
+
+  test('enable load balancer access logs', () => {
+    // GIVEN
+    const stack = new Stack();
+    const vpc = new Vpc(stack, 'VCP');
+
+    // WHEN
+    new LoadBalancer(stack, 'LB', {
+      vpc,
+      accessLoggingPolicy: {
+        enabled: true,
+        s3BucketName: 'fakeBucket',
+      },
+    });
+
+    // THEN
+    expect(stack).toHaveResource('AWS::ElasticLoadBalancing::LoadBalancer', {
+      AccessLoggingPolicy: {
+        Enabled: true,
+        S3BucketName: 'fakeBucket',
+      },
+    });
+  });
+
+  test('disable load balancer access logs', () => {
+    // GIVEN
+    const stack = new Stack();
+    const vpc = new Vpc(stack, 'VCP');
+
+    // WHEN
+    new LoadBalancer(stack, 'LB', {
+      vpc,
+      accessLoggingPolicy: {
+        enabled: false,
+        s3BucketName: 'fakeBucket',
+      },
+    });
+
+    // THEN
+    expect(stack).toHaveResource('AWS::ElasticLoadBalancing::LoadBalancer', {
+      AccessLoggingPolicy: {
+        Enabled: false,
+        S3BucketName: 'fakeBucket',
+      },
+    });
+  });
 });
 
 class FakeTarget implements ILoadBalancerTarget {