Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Added missing check for attach_access_log_delivery_policy for access logs logic #252

Merged
merged 1 commit into from
Aug 26, 2023
Merged

fix: Added missing check for attach_access_log_delivery_policy for access logs logic #252

merged 1 commit into from
Aug 26, 2023

Conversation

brycewade1
Copy link
Contributor

Description

This change simply adds var.attach_access_log_delivery_policy into the logic computing if the bucket policy should be attached or not.

This should address issue (#251).

Motivation and Context

Without this change if a bucket is being created solely for purpose of S3 access logs without any other bucket policy related flags the combined bucket policy will not be created nor attached to the bucket.

Breaking Changes

This should not break backwards compatibility.

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects
  • I have executed pre-commit run -a on my pull request

I've tested my change with code similar to this (with bucket names changed to protect the innocent):

module "access_log_bucket" {
  source                            = "[email protected]:brycewade1/terraform-aws-s3-bucket.git?ref=bugfix/attach-access-log-policy"
  bucket                            = "s3-log-bucket-${local.region}-${local.account_id}"
  attach_access_log_delivery_policy = true
}

Which produced a bucket policy similar to this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSAccessLogDeliveryWrite",
            "Effect": "Allow",
            "Principal": {
                "Service": "logging.s3.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::s3-log-bucket-us-west-2-012345678910/*"
        },
        {
            "Sid": "AWSAccessLogDeliveryAclCheck",
            "Effect": "Allow",
            "Principal": {
                "Service": "logging.s3.amazonaws.com"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::s3-log-bucket-us-west-2-012345678910"
        }
    ]
}

@antonbabenko antonbabenko changed the title Add missing attach_policy for access logs logic fix: Added missing check for attach_access_log_delivery_policy for access logs logic Aug 26, 2023
@antonbabenko antonbabenko merged commit 97e542b into terraform-aws-modules:master Aug 26, 2023
antonbabenko pushed a commit that referenced this pull request Aug 26, 2023
@semantic-release-bot
chore(release): version 3.15.1 [skip ci]
7263d09 
### [3.15.1](v3.15.0...v3.15.1) (2023-08-26)

### Bug Fixes

* Added missing check for attach_access_log_delivery_policy for access logs logic ([#252](#252)) ([97e542b](97e542b))
@antonbabenko
Copy link
Member

This PR is included in version 3.15.1 🎉

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 26, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@brycewade1 @antonbabenko