forked from cloudposse/terraform-aws-s3-log-storage
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME.yaml
154 lines (135 loc) · 5.89 KB
/
README.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
name: terraform-aws-s3-log-storage
tags:
- aws
- terraform
- terraform-modules
- logging
- s3
- bucket
- logs
- storage
- glacier
- standard
- lifecycle-management
- versioning
categories:
- terraform-modules/logging
license: APACHE2
github_repo: cloudposse/terraform-aws-s3-log-storage
badges:
- name: Latest Release
image: https://img.shields.io/github/release/cloudposse/terraform-aws-s3-log-storage.svg
url: https://github.com/cloudposse/terraform-aws-s3-log-storage/releases/latest
- name: Slack Community
image: https://slack.cloudposse.com/badge.svg
url: https://slack.cloudposse.com
related:
- name: terraform-aws-s3-bucket
description: Terraform module that creates an S3 bucket with an optional IAM user for external CI/CD systems
url: https://github.com/cloudposse/terraform-aws-s3-bucket
- name: terraform-aws-cloudfront-s3-cdn
description: Terraform module to easily provision CloudFront CDN backed by an S3
origin
url: https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn
- name: terraform-aws-s3-website
description: Terraform Module for Creating S3 backed Websites and Route53 DNS
url: https://github.com/cloudposse/terraform-aws-s3-website
- name: terraform-aws-user-data-s3-backend
description: Terraform Module to Offload User Data to S3
url: https://github.com/cloudposse/terraform-aws-user-data-s3-backend
- name: terraform-aws-s3-logs-athena-query
description: A Terraform module that creates an Athena Database and Structure for
querying S3 access logs
url: https://github.com/cloudposse/terraform-aws-s3-logs-athena-query
- name: terraform-aws-lb-s3-bucket
description: Terraform module to provision an S3 bucket with built in IAM policy
to allow AWS Load Balancers to ship access logs
url: https://github.com/cloudposse/terraform-aws-lb-s3-bucket
description: |-
This module creates an S3 bucket suitable for receiving logs from other `AWS` services such as `S3`, `CloudFront`, and `CloudTrails`.
**WARNING:** Changes introduced in version 0.27.0 present a **HIGH RISK OF DATA LOSS** when upgrading from an
earlier version. This warning does not apply to new deployments created with version 0.28.0 or later, but
if upgrading from an earlier version, please follow the
[upgrade instructions](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS))
in this repo's Wiki.
This module implements a configurable log retention policy, which allows you to efficiently manage logs across different storage classes (_e.g._ `Glacier`) and ultimately expire the data altogether.
It enables server-side default encryption.
https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html
It blocks public access to the bucket by default.
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html
As of March, 2022, this module is primarily a wrapper around our
[s3-bucket](https://github.com/cloudposse/terraform-aws-s3-bucket)
module, with some options preconfigured and SQS notifications added. If it does not exactly suit your needs,
you may want to use the `s3-bucket` module directly.
usage: |-
**WARNING:** Changes introduced in version 0.27.0 present a **HIGH RISK OF DATA LOSS** when upgrading from an
earlier version. This warning does not apply to new deployments created with version 0.28.0 or later, but
if upgrading from an earlier version, please follow the
[upgrade instructions](https://github.com/cloudposse/terraform-aws-s3-log-storage/wiki/Upgrading-to-v0.27.0-(POTENTIAL-DATA-LOSS))
in this repo's Wiki.
```hcl
module "log_storage" {
source = "cloudposse/s3-log-storage/aws"
# Cloud Posse recommends pinning every module to a specific version
# version = "x.x.x"
name = "logs"
stage = "test"
namespace = "eg"
acl = "log-delivery-write"
standard_transition_days = 30
glacier_transition_days = 60
expiration_days = 90
}
```
This module supports full S3 [storage lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) configuration:
```hcl
locals {
lifecycle_configuration_rule = {
enabled = true # bool
id = "v2rule"
abort_incomplete_multipart_upload_days = 1 # number
filter_and = null
expiration = {
days = 120 # integer > 0
}
noncurrent_version_expiration = {
newer_noncurrent_versions = 3 # integer > 0
noncurrent_days = 60 # integer >= 0
}
transition = [{
days = 30 # integer >= 0
storage_class = "STANDARD_IA" # string/enum, one of GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE, GLACIER_IR.
},
{
days = 60 # integer >= 0
storage_class = "ONEZONE_IA" # string/enum, one of GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE, GLACIER_IR.
}]
noncurrent_version_transition = [{
newer_noncurrent_versions = 3 # integer >= 0
noncurrent_days = 30 # integer >= 0
storage_class = "ONEZONE_IA" # string/enum, one of GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE, GLACIER_IR.
}]
}
}
module "log_storage" {
source = "cloudposse/s3-log-storage/aws"
# Cloud Posse recommends pinning every module to a specific version
# version = "x.x.x"
name = "logs"
stage = "test"
namespace = "eg"
lifecycle_configuration_rules = [var.lifecycle_configuration_rule]
}
```
include:
- docs/targets.md
- docs/terraform.md
contributors:
- name: Erik Osterman
github: osterman
- name: Andriy Knysh
github: aknysh
- name: Vladimir
github: SweetOps
- name: Gonzalo Peci
github: pecigonzalo