From ece54bbb62ff0645b597eebdf8591ac925c0cba4 Mon Sep 17 00:00:00 2001 From: Karol Czeryna Date: Tue, 8 Jun 2021 16:32:36 +0100 Subject: [PATCH 1/4] NLB Log Delivery Support --- README.md | 18 ++++++++++++++++++ main.tf | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++- variables.tf | 6 ++++++ 3 files changed, 77 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 97bae96e..a2438d32 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ These features of S3 bucket configurations are supported: - object locking - Cross-Region Replication (CRR) - ELB log delivery bucket policy +- NLB log delivery bucket policy ## Usage @@ -48,6 +49,22 @@ module "s3_bucket_for_logs" { } ``` +### Bucket with NLB access log delivery policy attached + +```hcl +module "s3_bucket_for_logs" { + source = "terraform-aws-modules/s3-bucket/aws" + + bucket = "my-s3-bucket-for-logs" + acl = "log-delivery-write" + + # Allow deletion of non-empty bucket + force_destroy = true + + attach_nlb_log_delivery_policy = true +} +``` + ## Conditional creation Sometimes you need to have a way to create S3 resources conditionally but Terraform does not allow to use `count` inside `module` block, so the solution is to specify argument `create_bucket`. 
@@ -122,6 +139,7 @@ No modules. | [acl](#input\_acl) | (Optional) The canned ACL to apply. Defaults to 'private'. Conflicts with `grant` | `string` | `"private"` | no | | [attach\_deny\_insecure\_transport\_policy](#input\_attach\_deny\_insecure\_transport\_policy) | Controls if S3 bucket should have deny non-SSL transport policy attached | `bool` | `false` | no | | [attach\_elb\_log\_delivery\_policy](#input\_attach\_elb\_log\_delivery\_policy) | Controls if S3 bucket should have ELB log delivery policy attached | `bool` | `false` | no | +| [attach\_nlb\_log\_delivery\_policy](#input\_attach\_elb\_log\_delivery\_policy) | Controls if S3 bucket should have NLB log delivery policy attached | `bool` | `false` | no | | [attach\_policy](#input\_attach\_policy) | Controls if S3 bucket should have bucket policy attached (set to `true` to use value of `policy` as bucket policy) | `bool` | `false` | no | | [attach\_public\_policy](#input\_attach\_public\_policy) | Controls if a user defined public bucket policy will be attached (set to `false` to allow upstream to apply defaults to the bucket) | `bool` | `true` | no | | [block\_public\_acls](#input\_block\_public\_acls) | Whether Amazon S3 should block public ACLs for this bucket. | `bool` | `false` | no | diff --git a/main.tf b/main.tf index 77a4c94a..786adcc3 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ locals { - attach_policy = var.attach_elb_log_delivery_policy || var.attach_deny_insecure_transport_policy || var.attach_policy + attach_policy = var.attach_elb_log_delivery_policy || var.attach_nlb_log_delivery_policy || var.attach_deny_insecure_transport_policy || var.attach_policy } resource "aws_s3_bucket" "this" { 
@@ -247,6 +247,7 @@ data "aws_iam_policy_document" "combined" { source_policy_documents = compact([ var.attach_elb_log_delivery_policy ? data.aws_iam_policy_document.elb_log_delivery[0].json : "", + var.attach_nlb_log_delivery_policy ? data.aws_iam_policy_document.nlb_log_delivery[0].json : "", var.attach_deny_insecure_transport_policy ? data.aws_iam_policy_document.deny_insecure_transport[0].json : "", var.attach_policy ? var.policy : "" ]) @@ -280,6 +281,57 @@ data "aws_iam_policy_document" "elb_log_delivery" { } } +# NLB + +data "aws_iam_policy_document" "nlb_log_delivery" { + count = var.create_bucket && var.attach_nlb_log_delivery_policy ? 1 : 0 + + statement { + sid = "AWSLogDeliveryWrite" + + principals { + type = "Service" + identifiers = ["delivery.logs.amazonaws.com"] + } + + effect = "Allow" + + actions = [ + "s3:PutObject", + ] + + resources = [ + "${aws_s3_bucket.this[0].arn}/*", + ] + + condition { + test = "StringEquals" + variable = "s3:x-amz-acl" + values = ["bucket-owner-full-control"] + } + } + + statement { + sid = "AWSLogDeliveryAclCheck" + + effect = "Allow" + + principals { + type = "Service" + identifiers = ["delivery.logs.amazonaws.com"] + } + + actions = [ + "s3:GetBucketAcl", + ] + + resources = [ + "${aws_s3_bucket.this[0].arn}", + ] + + } +} + data "aws_iam_policy_document" "deny_insecure_transport" { count = var.create_bucket && var.attach_deny_insecure_transport_policy ? 1 : 0 diff --git a/variables.tf b/variables.tf index f07d4169..ba1f8bbf 100644 --- a/variables.tf +++ b/variables.tf @@ -10,6 +10,12 @@ variable "attach_elb_log_delivery_policy" { default = false } +variable "attach_nlb_log_delivery_policy" { + description = "Controls if S3 bucket should have NLB log delivery policy attached" + type = bool + default = false +} + variable "attach_deny_insecure_transport_policy" { description = "Controls if S3 bucket should have deny non-SSL transport policy attached" type = bool 
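Review bot: Both statements in the new `nlb_log_delivery` document allow the `delivery.logs.amazonaws.com` service principal without an `aws:SourceAccount` or `aws:SourceArn` condition, so the grant is not tied to deliveries made on behalf of the bucket owner's account (a confused-deputy gap). The only condition present is the `s3:x-amz-acl` check on `AWSLogDeliveryWrite`, and the write covers `${aws_s3_bucket.this[0].arn}/*` rather than a log prefix. I would add a source-account condition to each statement, as sketched below; it needs an account-id source such as an `aws_caller_identity` data lookup, which is not visible in this hunk, so the reference name is assumed. PATCH 2/4 renames the document to `lb_log_delivery` without touching the statements, so the same point applies there.

```hcl
  statement {
    sid = "AWSLogDeliveryWrite"
    # … unchanged: principals, effect, actions, resources, s3:x-amz-acl condition …

    # Restrict the service principal to deliveries for the bucket owner's account.
    # (data source name assumed; it is not declared in this hunk)
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
```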
From 4f46e38d91a1a611d4f259a111b0aeb5d20db2c3 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 11 Jun 2021 12:38:35 +0200 Subject: [PATCH 2/4] Fixed naming of things a bit --- README.md | 11 ++++++----- examples/complete/README.md | 12 ++++++------ examples/complete/main.tf | 1 + examples/notification/README.md | 10 +++++----- examples/object/README.md | 14 +++++++------- examples/s3-replication/README.md | 10 +++++----- main.tf | 14 +++++++------- modules/notification/README.md | 2 +- modules/object/README.md | 2 +- variables.tf | 4 ++-- 10 files changed, 41 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index a2438d32..b6bfdca5 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ These features of S3 bucket configurations are supported: - object locking - Cross-Region Replication (CRR) - ELB log delivery bucket policy -- NLB log delivery bucket policy +- ALB/NLB log delivery bucket policy ## Usage @@ -49,7 +49,7 @@ module "s3_bucket_for_logs" { } ``` -### Bucket with NLB access log delivery policy attached +### Bucket with ALB/NLB access log delivery policy attached ```hcl module "s3_bucket_for_logs" { @@ -61,7 +61,7 @@ module "s3_bucket_for_logs" { # Allow deletion of non-empty bucket force_destroy = true - attach_nlb_log_delivery_policy = true + attach_lb_log_delivery_policy = true } ``` @@ -113,7 +113,7 @@ inputs = { | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | +| [aws](#provider\_aws) | 3.37.0 | ## Modules 
@@ -130,6 +130,7 @@ No modules. | [aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.deny_insecure_transport](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.elb_log_delivery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.lb_log_delivery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs 
@@ -139,7 +140,7 @@ No modules. | [acl](#input\_acl) | (Optional) The canned ACL to apply. Defaults to 'private'. Conflicts with `grant` | `string` | `"private"` | no | | [attach\_deny\_insecure\_transport\_policy](#input\_attach\_deny\_insecure\_transport\_policy) | Controls if S3 bucket should have deny non-SSL transport policy attached | `bool` | `false` | no | | [attach\_elb\_log\_delivery\_policy](#input\_attach\_elb\_log\_delivery\_policy) | Controls if S3 bucket should have ELB log delivery policy attached | `bool` | `false` | no | -| [attach\_nlb\_log\_delivery\_policy](#input\_attach\_elb\_log\_delivery\_policy) | Controls if S3 bucket should have NLB log delivery policy attached | `bool` | `false` | no | +| [attach\_lb\_log\_delivery\_policy](#input\_attach\_lb\_log\_delivery\_policy) | Controls if S3 bucket should have ALB/NLB log delivery policy attached | `bool` | `false` | no | | [attach\_policy](#input\_attach\_policy) | Controls if S3 bucket should have bucket policy attached (set to `true` to use value of `policy` as bucket policy) | `bool` | `false` | no | | [attach\_public\_policy](#input\_attach\_public\_policy) | Controls if a user defined public bucket policy will be attached (set to `false` to allow upstream to apply defaults to the bucket) | `bool` | `true` | no | | [block\_public\_acls](#input\_block\_public\_acls) | Whether Amazon S3 should block public ACLs for this bucket. | `bool` | `false` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index 4742d4fb..ea1e9632 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -2,7 +2,7 @@ Configuration in this directory creates S3 bucket which demos such capabilities: - static web-site hosting -- access logging (for S3 and ELB) +- access logging (for S3, ELB and ALB/NLB) - versioning - CORS - lifecycle rules 
@@ -37,16 +37,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | -| [random](#provider\_random) | >= 2.0 | +| [aws](#provider\_aws) | 3.37.0 | +| [random](#provider\_random) | 3.1.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [cloudfront\_log\_bucket](#module\_cloudfront\_log\_bucket) | ../../ | | -| [log\_bucket](#module\_log\_bucket) | ../../ | | -| [s3\_bucket](#module\_s3\_bucket) | ../../ | | +| [cloudfront\_log\_bucket](#module\_cloudfront\_log\_bucket) | ../../ | n/a | +| [log\_bucket](#module\_log\_bucket) | ../../ | n/a | +| [s3\_bucket](#module\_s3\_bucket) | ../../ | n/a | ## Resources diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 45f16cbe..c6584291 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -55,6 +55,7 @@ module "log_bucket" { acl = "log-delivery-write" force_destroy = true attach_elb_log_delivery_policy = true + attach_lb_log_delivery_policy = true attach_deny_insecure_transport_policy = true } diff --git a/examples/notification/README.md b/examples/notification/README.md index 9bad715c..e6cd4745 100644 --- a/examples/notification/README.md +++ b/examples/notification/README.md 
@@ -28,18 +28,18 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | -| [null](#provider\_null) | >= 2.0 | -| [random](#provider\_random) | >= 2.0 | +| [aws](#provider\_aws) | 3.37.0 | +| [null](#provider\_null) | 3.1.0 | +| [random](#provider\_random) | 3.1.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [all\_notifications](#module\_all\_notifications) | ../../modules/notification | | +| [all\_notifications](#module\_all\_notifications) | ../../modules/notification | n/a | | [lambda\_function1](#module\_lambda\_function1) | terraform-aws-modules/lambda/aws | ~> 2.0 | | [lambda\_function2](#module\_lambda\_function2) | terraform-aws-modules/lambda/aws | ~> 2.0 | -| [s3\_bucket](#module\_s3\_bucket) | ../../ | | +| [s3\_bucket](#module\_s3\_bucket) | ../../ | n/a | | [sns\_topic1](#module\_sns\_topic1) | terraform-aws-modules/sns/aws | ~> 3.0 | | [sns\_topic2](#module\_sns\_topic2) | terraform-aws-modules/sns/aws | ~> 3.0 | diff --git a/examples/object/README.md b/examples/object/README.md index d3fec7a8..3b2b65f7 100644 --- a/examples/object/README.md +++ b/examples/object/README.md 
@@ -27,18 +27,18 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | -| [random](#provider\_random) | >= 2.0 | +| [aws](#provider\_aws) | 3.37.0 | +| [random](#provider\_random) | 3.1.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [object](#module\_object) | ../../modules/object | | -| [object\_complete](#module\_object\_complete) | ../../modules/object | | -| [object\_locked](#module\_object\_locked) | ../../modules/object | | -| [s3\_bucket](#module\_s3\_bucket) | ../../ | | -| [s3\_bucket\_with\_object\_lock](#module\_s3\_bucket\_with\_object\_lock) | ../../ | | +| [object](#module\_object) | ../../modules/object | n/a | +| [object\_complete](#module\_object\_complete) | ../../modules/object | n/a | +| [object\_locked](#module\_object\_locked) | ../../modules/object | n/a | +| [s3\_bucket](#module\_s3\_bucket) | ../../ | n/a | +| [s3\_bucket\_with\_object\_lock](#module\_s3\_bucket\_with\_object\_lock) | ../../ | n/a | ## Resources diff --git a/examples/s3-replication/README.md b/examples/s3-replication/README.md index 3f220489..f41bc1ab 100644 --- a/examples/s3-replication/README.md +++ b/examples/s3-replication/README.md @@ -29,16 +29,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | -| [aws.replica](#provider\_aws.replica) | >= 3.36 | -| [random](#provider\_random) | >= 2.0 | +| [aws](#provider\_aws) | 3.37.0 | +| [aws.replica](#provider\_aws.replica) | 3.37.0 | +| [random](#provider\_random) | 3.1.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [replica\_bucket](#module\_replica\_bucket) | ../../ | | -| [s3\_bucket](#module\_s3\_bucket) | ../../ | | +| [replica\_bucket](#module\_replica\_bucket) | ../../ | n/a | +| [s3\_bucket](#module\_s3\_bucket) | ../../ | n/a | ## Resources 
diff --git a/main.tf b/main.tf index 786adcc3..79cee8b0 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ locals { - attach_policy = var.attach_elb_log_delivery_policy || var.attach_nlb_log_delivery_policy || var.attach_deny_insecure_transport_policy || var.attach_policy + attach_policy = var.attach_elb_log_delivery_policy || var.attach_lb_log_delivery_policy || var.attach_deny_insecure_transport_policy || var.attach_policy } resource "aws_s3_bucket" "this" { @@ -247,7 +247,7 @@ data "aws_iam_policy_document" "combined" { source_policy_documents = compact([ var.attach_elb_log_delivery_policy ? data.aws_iam_policy_document.elb_log_delivery[0].json : "", - var.attach_nlb_log_delivery_policy ? data.aws_iam_policy_document.nlb_log_delivery[0].json : "", + var.attach_lb_log_delivery_policy ? data.aws_iam_policy_document.lb_log_delivery[0].json : "", var.attach_deny_insecure_transport_policy ? data.aws_iam_policy_document.deny_insecure_transport[0].json : "", var.attach_policy ? var.policy : "" ]) @@ -281,10 +281,10 @@ data "aws_iam_policy_document" "elb_log_delivery" { } } -# NLB +# ALB/NLB -data "aws_iam_policy_document" "nlb_log_delivery" { - count = var.create_bucket && var.attach_nlb_log_delivery_policy ? 1 : 0 +data "aws_iam_policy_document" "lb_log_delivery" { + count = var.create_bucket && var.attach_lb_log_delivery_policy ? 1 : 0 statement { sid = "AWSLogDeliveryWrite" @@ -305,9 +305,9 @@ data "aws_iam_policy_document" "nlb_log_delivery" { ] condition { - test = "StringEquals" + test = "StringEquals" variable = "s3:x-amz-acl" - values = ["bucket-owner-full-control"] + values = ["bucket-owner-full-control"] } } diff --git a/modules/notification/README.md b/modules/notification/README.md index 836c86de..e60e826c 100644 --- a/modules/notification/README.md +++ b/modules/notification/README.md 
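Review bot: The rename to `lb_log_delivery` and the `# ALB/NLB` comment widen the stated scope, but the statements are unchanged and still admit only the `delivery.logs.amazonaws.com` service principal. AWS documents that principal for Network Load Balancer log delivery, while Application Load Balancer access logs are documented as written by the regional Elastic Load Balancing account, which is presumably what `elb_log_delivery` covers (its body lies outside these hunks). If that holds, setting only `attach_lb_log_delivery_policy` for an ALB yields a policy that does not admit the log writer, so I would state the coverage in the comment, e.g. `# NLB (delivery.logs.amazonaws.com); ALB access logs use elb_log_delivery`. The `lb_log_delivery` block continues past the end of the last hunk.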
@@ -14,7 +14,7 @@ Creates S3 bucket notification resource with all supported types of deliveries: | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.28 | +| [aws](#provider\_aws) | 3.37.0 | ## Modules diff --git a/modules/object/README.md b/modules/object/README.md index 665f2b94..58d7ca49 100644 --- a/modules/object/README.md +++ b/modules/object/README.md @@ -14,7 +14,7 @@ Creates S3 bucket objects with different configurations. | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 3.36 | +| [aws](#provider\_aws) | 3.37.0 | ## Modules diff --git a/variables.tf b/variables.tf index ba1f8bbf..2971a80e 100644 --- a/variables.tf +++ b/variables.tf @@ -10,8 +10,8 @@ variable "attach_elb_log_delivery_policy" { default = false } -variable "attach_nlb_log_delivery_policy" { - description = "Controls if S3 bucket should have NLB log delivery policy attached" +variable "attach_lb_log_delivery_policy" { + description = "Controls if S3 bucket should have ALB/NLB log delivery policy attached" type = bool default = false } From c6e2b138b061f26a8098d825db1f613f4882d551 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 11 Jun 2021 14:11:16 +0200 Subject: [PATCH 3/4] fixing docs --- README.md | 2 +- examples/complete/README.md | 10 +++++----- examples/notification/README.md | 10 +++++----- examples/object/README.md | 14 +++++++------- examples/s3-replication/README.md | 10 +++++----- modules/notification/README.md | 2 +- modules/object/README.md | 2 +- 7 files changed, 25 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index b6bfdca5..69df8e03 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ inputs = { | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.37.0 | +| [aws](#provider\_aws) | >= 3.36 | ## Modules diff --git a/examples/complete/README.md b/examples/complete/README.md index ea1e9632..442a7afc 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -37,16 +37,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.37.0 | -| [random](#provider\_random) | 3.1.0 | +| [aws](#provider\_aws) | >= 3.36 | +| [random](#provider\_random) | >= 2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [cloudfront\_log\_bucket](#module\_cloudfront\_log\_bucket) | ../../ | n/a | -| [log\_bucket](#module\_log\_bucket) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | ../../ | n/a | +| [cloudfront\_log\_bucket](#module\_cloudfront\_log\_bucket) | ../../ | | +| [log\_bucket](#module\_log\_bucket) | ../../ | | +| [s3\_bucket](#module\_s3\_bucket) | ../../ | | ## Resources diff --git a/examples/notification/README.md b/examples/notification/README.md index e6cd4745..9bad715c 100644 --- a/examples/notification/README.md +++ b/examples/notification/README.md 
@@ -28,18 +28,18 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.37.0 | -| [null](#provider\_null) | 3.1.0 | -| [random](#provider\_random) | 3.1.0 | +| [aws](#provider\_aws) | >= 3.36 | +| [null](#provider\_null) | >= 2.0 | +| [random](#provider\_random) | >= 2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [all\_notifications](#module\_all\_notifications) | ../../modules/notification | n/a | +| [all\_notifications](#module\_all\_notifications) | ../../modules/notification | | | [lambda\_function1](#module\_lambda\_function1) | terraform-aws-modules/lambda/aws | ~> 2.0 | | [lambda\_function2](#module\_lambda\_function2) | terraform-aws-modules/lambda/aws | ~> 2.0 | -| [s3\_bucket](#module\_s3\_bucket) | ../../ | n/a | +| [s3\_bucket](#module\_s3\_bucket) | ../../ | | | [sns\_topic1](#module\_sns\_topic1) | terraform-aws-modules/sns/aws | ~> 3.0 | | [sns\_topic2](#module\_sns\_topic2) | terraform-aws-modules/sns/aws | ~> 3.0 | diff --git a/examples/object/README.md b/examples/object/README.md index 3b2b65f7..d3fec7a8 100644 --- a/examples/object/README.md +++ b/examples/object/README.md 
@@ -27,18 +27,18 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.37.0 | -| [random](#provider\_random) | 3.1.0 | +| [aws](#provider\_aws) | >= 3.36 | +| [random](#provider\_random) | >= 2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [object](#module\_object) | ../../modules/object | n/a | -| [object\_complete](#module\_object\_complete) | ../../modules/object | n/a | -| [object\_locked](#module\_object\_locked) | ../../modules/object | n/a | -| [s3\_bucket](#module\_s3\_bucket) | ../../ | n/a | -| [s3\_bucket\_with\_object\_lock](#module\_s3\_bucket\_with\_object\_lock) | ../../ | n/a | +| [object](#module\_object) | ../../modules/object | | +| [object\_complete](#module\_object\_complete) | ../../modules/object | | +| [object\_locked](#module\_object\_locked) | ../../modules/object | | +| [s3\_bucket](#module\_s3\_bucket) | ../../ | | +| [s3\_bucket\_with\_object\_lock](#module\_s3\_bucket\_with\_object\_lock) | ../../ | | ## Resources diff --git a/examples/s3-replication/README.md b/examples/s3-replication/README.md index f41bc1ab..3f220489 100644 --- a/examples/s3-replication/README.md +++ b/examples/s3-replication/README.md @@ -29,16 +29,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.37.0 | -| [aws.replica](#provider\_aws.replica) | 3.37.0 | -| [random](#provider\_random) | 3.1.0 | +| [aws](#provider\_aws) | >= 3.36 | +| [aws.replica](#provider\_aws.replica) | >= 3.36 | +| [random](#provider\_random) | >= 2.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [replica\_bucket](#module\_replica\_bucket) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | ../../ | n/a | +| [replica\_bucket](#module\_replica\_bucket) | ../../ | | +| [s3\_bucket](#module\_s3\_bucket) | ../../ | | ## Resources 
diff --git a/modules/notification/README.md b/modules/notification/README.md index e60e826c..836c86de 100644 --- a/modules/notification/README.md +++ b/modules/notification/README.md @@ -14,7 +14,7 @@ Creates S3 bucket notification resource with all supported types of deliveries: | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.37.0 | +| [aws](#provider\_aws) | >= 3.28 | ## Modules diff --git a/modules/object/README.md b/modules/object/README.md index 58d7ca49..665f2b94 100644 --- a/modules/object/README.md +++ b/modules/object/README.md @@ -14,7 +14,7 @@ Creates S3 bucket objects with different configurations. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.37.0 | +| [aws](#provider\_aws) | >= 3.36 | ## Modules From d9e3cbfdaa984cca2845beb85219fc391c85d1bf Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Fri, 11 Jun 2021 14:16:40 +0200 Subject: [PATCH 4/4] Updated code of wrappers --- wrappers/README.md | 2 +- wrappers/main.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/wrappers/README.md b/wrappers/README.md index 57e10a7d..cae2d976 100644 --- a/wrappers/README.md +++ b/wrappers/README.md @@ -6,7 +6,7 @@ You may want to use a single Terragrunt configuration file to manage multiple re This wrapper does not implement any extra functionality. -# Usage with Terragrunt +## Usage with Terragrunt `terragrunt.hcl`: diff --git a/wrappers/main.tf b/wrappers/main.tf index bf90e915..6bb5af34 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -5,6 +5,7 @@ module "wrapper" { create_bucket = lookup(each.value, "create_bucket", true) attach_elb_log_delivery_policy = lookup(each.value, "attach_elb_log_delivery_policy", false) + attach_lb_log_delivery_policy = lookup(each.value, "attach_lb_log_delivery_policy", false) attach_deny_insecure_transport_policy = lookup(each.value, "attach_deny_insecure_transport_policy", false) attach_policy = lookup(each.value, "attach_policy", false) attach_public_policy = lookup(each.value, "attach_public_policy", true)