Added log-delivery-policy for s3-bucket component #698

zdmytriv · 2023-05-25T10:51:22Z

what

Added log-delivery-policy for s3-bucket component

why

log-delivery-policy is common policy that is being added to S3 bucket. For example:
- https://docs.aws.amazon.com/network-firewall/latest/developerguide/logging-s3.html
- https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-query-logs-choosing-target-resource.html

references

modules/s3-bucket/main.tf

aknysh

LGTM, please see comments

modules/s3-bucket/main.tf

Nuru · 2023-05-25T18:49:29Z

modules/s3-bucket/variables.tf

+  Map of IAM policy statements to use in the bucket policy. Conflicts with `var.custom_policy_enabled` and `var.log_delivery_policy_enabled`.
+  It will be used if `var.custom_policy_enabled` and `var.log_delivery_policy_enabled` are set to `false`.


This description is wrong, right? This will be used when var.custom_policy_enabled is true.

nope.

When custom_policy_enabled=true then policy from iam.tf this will be used.

When iam_policy_statements=true (and other 2 are false) then policy from iam-policy module will be used this

modules/s3-bucket/variables.tf

modules/s3-bucket/iam.tf

aknysh

see comments

zdmytriv · 2023-05-25T20:26:12Z

@Nuru please re-review

…onent

zdmytriv requested review from a team as code owners May 25, 2023 10:51

osterman requested review from Nuru and aknysh May 25, 2023 12:11

aknysh reviewed May 25, 2023

View reviewed changes

modules/s3-bucket/main.tf Outdated Show resolved Hide resolved

aknysh reviewed May 25, 2023

View reviewed changes

zdmytriv requested a review from aknysh May 25, 2023 13:41

aknysh reviewed May 25, 2023

View reviewed changes

modules/s3-bucket/main.tf Show resolved Hide resolved

Nuru requested changes May 25, 2023

View reviewed changes

zdmytriv added 4 commits May 25, 2023 22:23

Added log-delivery-policy for s3-bucket component

0aafe4d

update

f388131

update

24063b8

update

4822e28

zdmytriv force-pushed the added-log-delivery-policy-for-s3-bucket-component branch from be616cd to 4822e28 Compare May 25, 2023 19:24

aknysh reviewed May 25, 2023

View reviewed changes

modules/s3-bucket/iam.tf Outdated Show resolved Hide resolved

aknysh reviewed May 25, 2023

View reviewed changes

update

1abac64

zdmytriv requested a review from Nuru May 25, 2023 20:26

Merge branch 'main' into added-log-delivery-policy-for-s3-bucket-comp…

2738c4c

…onent

zdmytriv marked this pull request as draft May 26, 2023 09:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Added log-delivery-policy for s3-bucket component #698

Added log-delivery-policy for s3-bucket component #698

zdmytriv commented May 25, 2023 •

edited

aknysh left a comment

Nuru May 25, 2023

zdmytriv May 25, 2023 •

edited

aknysh left a comment

zdmytriv commented May 25, 2023

		Map of IAM policy statements to use in the bucket policy. Conflicts with `var.custom_policy_enabled` and `var.log_delivery_policy_enabled`.
		It will be used if `var.custom_policy_enabled` and `var.log_delivery_policy_enabled` are set to `false`.

Added log-delivery-policy for s3-bucket component #698

Are you sure you want to change the base?

Added log-delivery-policy for s3-bucket component #698

Conversation

zdmytriv commented May 25, 2023 • edited

what

why

references

aknysh left a comment

Choose a reason for hiding this comment

Nuru May 25, 2023

Choose a reason for hiding this comment

zdmytriv May 25, 2023 • edited

Choose a reason for hiding this comment

aknysh left a comment

Choose a reason for hiding this comment

zdmytriv commented May 25, 2023

zdmytriv commented May 25, 2023 •

edited

zdmytriv May 25, 2023 •

edited