3
votes

I am trying to create an S3 bucket using Terraform, following the examples at https://www.terraform.io/docs/providers/aws/r/s3_bucket.html. I have created an S3 module.

The issue I am facing is that for certain buckets I do not want logging enabled. How can this be accomplished in Terraform?

logging {
  target_bucket = "${aws_s3_bucket.log_bucket.id}"
  target_prefix = "log/"
}

Using an empty string for target_bucket and target_prefix causes Terraform to make an attempt to create target_bucket.

Also, I am trying to use a module.

2
Do you never want logging enabled? Then remove the logging section from the module - it's not mandatory. - James Woolfenden
I want logging enabled for some buckets and not for others, using a module though. - Arpan Solanki

2 Answers

2
votes

Using the newer dynamic block support in Terraform 0.12+, we pass a single-item array containing the logging settings if we want logging, like so:

variable "logging" {
  type        = list
  default     = []
  description = "to enable logging set this to [{target_bucket = 'xxx' target_prefix = 'logs/'}]"
}

resource "aws_s3_bucket" "s3bucket" {
  dynamic "logging" {
    for_each = [for l in var.logging : {
      target_bucket = l.target_bucket
      target_prefix = l.target_prefix
    }]
    content {
      target_bucket = logging.value.target_bucket
      target_prefix = logging.value.target_prefix
    }
  }
}
1
votes

Can Fly. If you want to make the values of logging optional, first make your module aws_s3_bucket.tf:

resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  logging = "${var.logging}"
}

variable "logging" {
  type    = "list"
  default = []
}

then in a sub-folder example add your template module.tf:

module "s3" {
  source = "../"

  logging = [
    {
      target_bucket = "loggingbucketname"
      target_prefix = "log/"
    },
  ]
}

provider "aws" {
  region  = "eu-west-1"
  version = "2.4.0"
}

This is your version that has logging.

Next modify your module.tf to look like:

module "s3" {
  source = "../"
}

provider "aws" {
  region  = "eu-west-1"
  version = "2.4.0"
}

That's your version without. This worked with: Terraform v0.11.11 + provider.aws v2.4.0

Updated: this is the answer for v0.12.5. The module is now:

resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  acl    = "private"

  logging {
    target_bucket = var.logging["target_bucket"]
    target_prefix = var.logging["target_prefix"]
  }
}

variable "logging" {
  type = map
  default = {
    target_bucket = ""
    target_prefix = ""
  }
}

Using the module with logging becomes (your path to modules might differ):

module "s3" {
  source = "../"
  logging = {
    target_bucket = aws_s3_bucket.log_bucket.id
    target_prefix = "log/"
  }
}

provider "aws" {
  region  = "eu-west-1"
  version = "2.34.0"
}

resource "aws_s3_bucket" "log_bucket" {
  bucket = "my-tf-log-bucket"
  acl    = "private"
}

and without:

module "s3" {
  source = "../"
}

provider "aws" {
  region  = "eu-west-1"
  version = "2.34.0"
}
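
Added example, not part of either answer above: it keeps the second answer's single-object call syntax but uses the first answer's dynamic block, so a bucket without logging gets no logging block at all rather than one with empty strings. It assumes Terraform 0.12+ and a provider version that accepts the inline logging block as used on this page; `bucket_name`, the module labels and the second bucket name are hypothetical.

```hcl
# --- module: aws_s3_bucket.tf (added example) ---
variable "bucket_name" { # hypothetical variable, not in the answers
  type = string
}

variable "logging" {
  # null (the default) means "no access logging for this bucket".
  type = object({
    target_bucket = string
    target_prefix = string
  })
  default     = null
  description = "Access-log destination, or null to leave logging off."
}

resource "aws_s3_bucket" "b" {
  bucket = var.bucket_name
  acl    = "private"

  # Zero or one logging blocks: the list is empty when var.logging is
  # null, so empty target_bucket/target_prefix strings are never sent.
  dynamic "logging" {
    for_each = var.logging == null ? [] : [var.logging]
    content {
      target_bucket = logging.value.target_bucket
      target_prefix = logging.value.target_prefix
    }
  }
}

# --- caller: module.tf (added example) ---
# Assumes aws_s3_bucket.log_bucket is declared as in the answer above.
module "logged" {
  source      = "../"
  bucket_name = "my-tf-test-bucket"
  logging = {
    target_bucket = aws_s3_bucket.log_bucket.id
    target_prefix = "log/"
  }
}

module "unlogged" {
  source      = "../"
  bucket_name = "my-tf-other-bucket" # constructed name
}
```

Because logging is off unless a caller passes a value, `terraform plan` on each caller is the place to confirm which buckets actually carry a logging block.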