This repository was archived by the owner on Jan 25, 2023. It is now read-only.

Commit 2a67b66

authored
Merge pull request #239 from dchernivetsky/master
addresses #238
2 parents 656eb49 + cb60fa2 commit 2a67b66


2 files changed

+26
-2
lines changed


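--- a/modules/vault-elb/main.tf
+++ b/modules/vault-elb/main.tf
@@ -24,6 +24,18 @@ resource "aws_elb" "vault" {
 security_groups = [aws_security_group.vault.id]
 subnets = var.subnet_ids
 
+# optional access_logs creation
+dynamic "access_logs" {
+for_each = var.access_logs == null ? [] : ["once"]
+
+content {
+enabled = lookup(access_logs.value, "enabled", lookup(access_logs.value, "bucket", null))
+bucket = lookup(access_logs.value, "bucket", null)
+bucket_prefix = lookup(access_logs.value, "bucket_prefix", null)
+interval = lookup(access_logs.value, "interval", null)
+}
+}
+
 # Run the ELB in TCP passthrough mode
 listener {
 lb_port = var.lb_port
@@ -111,4 +123,3 @@ resource "aws_route53_record" "vault_elb" {
 evaluate_target_health = false
 }
 }
-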
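Review bot: Inside `content`, `access_logs.value` is the current `for_each` element, which here is the literal string `"once"` rather than `var.access_logs`, so as far as I can tell every `lookup(access_logs.value, ...)` receives a string where it needs a map and the plan fails as soon as the variable is set. Iterating over the variable itself avoids that: `for_each = var.access_logs == null ? [] : [var.access_logs]`. The `enabled` default also falls back to the bucket name, a string that is not a bool; `enabled = lookup(access_logs.value, "enabled", true)` states the intent directly. These logs are the access record for the Vault endpoint, so a plan-level test with `access_logs` set would be worth adding alongside the fix. The `aws_elb` resource starts and ends outside this hunk.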

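--- a/modules/vault-elb/variables.tf
+++ b/modules/vault-elb/variables.tf
@@ -25,6 +25,20 @@ variable "vault_asg_name" {
 # These parameters have reasonable defaults.
 # ---------------------------------------------------------------------------------------------------------------------
 
+# Due to terraform type limitations this variable is set to be any.
+# In reality it is a map of mixed parameters, some of them are booleans, some ints.
+# access_logs = {
+# enabled = true # optional
+# bucket = "s3_bucket_name" # mandatory
+# bucket_prefix = "alb" # optional
+# interval = 60 # optional
+# }
+variable "access_logs" {
+description = "If specified, enables access logging for the ELB. This variable should be set to a map with the same keys and values as in the access_log block of the aws_elb resource (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elb), including bucket, bucket_prefix, interval, and enabled."
+type = any
+default = null
+}
+
 variable "subnet_ids" {
 description = "The subnet IDs into which the ELB should be deployed. You will typically want to deploy the ELB into public subnets so your Vault cluster can run in private subnets."
 type = list(string)
@@ -126,4 +140,3 @@ variable "security_group_tags" {
 type = map(string)
 default = {}
 }
-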
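Review bot: The `bucket` key is marked mandatory only in the comment above `variable "access_logs"`; with `type = any` and no check, a misspelled key or a non-map value is accepted here, and `main.tf` then looks up `bucket` with a `null` default. The description should say that `bucket` is required and what `enabled` resolves to when omitted, and it names the block `access_log` where the resource block is `access_logs`. If the module's minimum Terraform version supports variable validation, a `validation` block with `condition = var.access_logs == null || can(var.access_logs.bucket)` would reject a map without a bucket at plan time. A sentence noting that the target S3 bucket must permit ELB log delivery would also help operators who enable this for audit purposes.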
