Merged
9 changes: 6 additions & 3 deletions README.md
Expand Up @@ -58,7 +58,7 @@ jobs:
1. [AWS Route53 Domains and Certificates](#aws-route53-domains-and-certificate-inputs)
1. [Load Balancer](#load-balancer-inputs-classic-elb)
1. [Application Load Balancer Inputs (ALB)](#application-load-balancer-inputs-alb)
1. [WAF](#waf)
1. [WAF](#waf-inputs)
1. [EFS](#efs-inputs)
1. [RDS](#rds-inputs)
1. [Amazon Aurora Inputs](#aurora-inputs)
Expand Down Expand Up @@ -220,17 +220,20 @@ The following inputs can be used as `step.with` keys
| `aws_alb_app_port` | String | Comma-separated list of application ports for ALB target group. If none defined, will use `aws_alb_listen_port` ones. |
| `aws_alb_app_protocol` | String | Comma-separated list of protocols for ALB target group (HTTP/HTTPS). Defaults to `HTTP`. |
| `aws_alb_listen_port` | String | Comma-separated list of listener ports for ALB. Depending on certificate, defaults to `80` or `443`. |
| `aws_alb_listen_protocol` | String | Comma-separated list of listener protocols for ALB (HTTP/HTTPS). Defaults to Depending on certificate, defaults to `HTTP` or `HTTPS`. |
| `aws_alb_listen_protocol` | String | Comma-separated list of listener protocols for ALB (HTTP/HTTPS). Depending on certificate, defaults to `HTTP` or `HTTPS`. |
| `aws_alb_redirect_enable` | Boolean | Enable HTTP to HTTPS redirection on ALB. Defaults to `false` |
| `aws_alb_www_to_apex_redirect` | Boolean | Enable www to apex domain redirection on ALB. Defaults to `false` |
| `aws_alb_healthcheck_path` | String | Health check path for ALB target group. Defaults to `"/"` |
| `aws_alb_healthcheck_protocol` | String | Health check protocol for ALB target group. Defaults to `"HTTP"` |
| `aws_alb_ssl_policy` | String | SSL policy for HTTPS listeners. More [here](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/describe-ssl-policies.html) |
| `aws_alb_access_log_enabled` | Boolean | Enable ALB access logs. |
| `aws_alb_access_log_bucket_name` | String | S3 bucket name to store the ALB access logs. Defaults to `${aws_resource_identifier}-lb`. **Bucket will be deleted if stack is destroyed.** |
| `aws_alb_access_log_expire` | String | Delete the access logs after this amount of days. Defaults to `90`. Set to `0` in order to disable this policy. |
| `aws_alb_additional_tags`| String | A list of strings that will be added to created resources. Example: `{"key1": "value1", "key2": "value2"}`. Default `"{}"` |
<hr/>
<br/>

#### **WAF**
#### **WAF Inputs**
| Name | Type | Description |
|------------------|---------|------------------------------------|
| `aws_waf_enable` | Boolean | Enable WAF for load balancer (LB only - NOT ELB). Default is `false` |
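Review bot: the `aws_alb_access_log_enabled` row gives no default, while the rows around it all state one; add it so a reader can tell whether access logging is on without setting the input. The `aws_alb_access_log_bucket_name` row warns that the bucket is deleted with the stack, so it would help to say in the same cell that logs needed for later review have to be copied out before a destroy. The `aws_alb_additional_tags` row calls the value "a list of strings" but the example is a JSON map of key/value pairs; reword it to match.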
4 changes: 2 additions & 2 deletions operations/_scripts/deploy/deploy.sh
Expand Up @@ -36,8 +36,8 @@ export GITHUB_IDENTIFIER_SS="$($GITHUB_ACTION_PATH/operations/_scripts/generate/
# Generate buckets identifiers and check them agains AWS Rules
export TF_STATE_BUCKET="$(/bin/bash $GITHUB_ACTION_PATH/operations/_scripts/generate/generate_buckets_identifiers.sh tf | xargs)"
/bin/bash $GITHUB_ACTION_PATH/operations/_scripts/deploy/check_bucket_name.sh $TF_STATE_BUCKET
export AWS_ELB_ACCESS_LOG_BUCKET_NAME="$(/bin/bash $GITHUB_ACTION_PATH/operations/_scripts/generate/generate_buckets_identifiers.sh lb | xargs)"
/bin/bash $GITHUB_ACTION_PATH/operations/_scripts/deploy/check_bucket_name.sh $AWS_ELB_ACCESS_LOG_BUCKET_NAME
#export AWS_ELB_ACCESS_LOG_BUCKET_NAME="$(/bin/bash $GITHUB_ACTION_PATH/operations/_scripts/generate/generate_buckets_identifiers.sh lb | xargs)"
#/bin/bash $GITHUB_ACTION_PATH/operations/_scripts/deploy/check_bucket_name.sh $AWS_ELB_ACCESS_LOG_BUCKET_NAME

# Generate the provider.tf file
/bin/bash $GITHUB_ACTION_PATH/operations/_scripts/generate/generate_provider.sh
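Review bot: the `check_bucket_name.sh` call for the load balancer log bucket is disabled here, and nothing visible in this change validates the name that Terraform now builds instead, so an invalid bucket name would only surface as a failed apply. Either keep a name check for the final LB bucket name or add an equivalent validation on the Terraform side. The two lines are also commented out rather than removed; delete them so the script does not carry dead code, and fix the "agains" typo in the comment above while touching this block.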
Expand Up @@ -19,7 +19,7 @@ case $1 in

;;
lb)
# Generate AWS_ELB_ACCESS_LOG_BUCKET_NAME ID
# Generate AWS_ELB_ACCESS_LOG_BUCKET_NAME ID - # Not in use anymore
# Add trailing id depending on name length - See AWS S3 bucket naming rules
if [[ ${#GITHUB_IDENTIFIER} < 59 ]]; then
AWS_ELB_ACCESS_LOG_BUCKET_NAME="${GITHUB_IDENTIFIER}-logs"
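Review bot: the `lb)` branch is now marked "Not in use anymore" in a comment but the code stays; remove the branch, or say in the comment why it is kept. If it does stay, note that `[[ ${#GITHUB_IDENTIFIER} < 59 ]]` compares strings, not numbers, inside `[[ ]]`, so a length of 6 to 9 sorts after "59" and takes the wrong branch; `-lt` is the numeric test.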
4 changes: 2 additions & 2 deletions operations/deployment/terraform/aws/bitovi_main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ module "aws_elb" {
aws_elb_listen_port = var.aws_elb_listen_port
aws_elb_listen_protocol = var.aws_elb_listen_protocol
aws_elb_healthcheck = var.aws_elb_healthcheck
aws_elb_access_log_bucket_name = var.aws_elb_access_log_bucket_name
aws_elb_access_log_bucket_name = var.aws_elb_access_log_bucket_name != "" ? var.aws_elb_access_log_bucket_name : ( length(var.aws_resource_identifier) < 59 ? "${var.aws_resource_identifier}-logs" : "${var.aws_resource_identifier}-lg" )
aws_elb_access_log_expire = var.aws_elb_access_log_expire
# EC2
aws_instance_server_az = [module.vpc.preferred_az]
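Review bot: the fallback on the `aws_elb_access_log_bucket_name` line has no upper bound in its `-lg` branch, so an `aws_resource_identifier` longer than 60 characters produces a bucket name over the 63-character S3 limit unless the identifier is bounded somewhere outside this hunk. Add a validation on the resulting name, or truncate the identifier before appending the suffix. The nested conditional is also hard to read inline in a module argument; moving it to a `locals` entry would make the length rule visible and reusable.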
Expand Down Expand Up @@ -144,7 +144,7 @@ module "aws_lb" {
aws_alb_ssl_policy = var.aws_alb_ssl_policy
# Logging
aws_alb_access_log_enabled = var.aws_alb_access_log_enabled
aws_alb_access_log_bucket_name = var.aws_alb_access_log_bucket_name
aws_alb_access_log_bucket_name = var.aws_alb_access_log_bucket_name != "" ? var.aws_alb_access_log_bucket_name : "${var.aws_resource_identifier}-lb"
aws_alb_access_log_expire = var.aws_alb_access_log_expire
# EC2
aws_vpc_selected_id = module.vpc.aws_selected_vpc_id
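Review bot: the ALB fallback `"${var.aws_resource_identifier}-lb"` applies no length handling at all, unlike the ELB line in the previous hunk, so a long identifier can yield an invalid bucket name here as well. Use the same length rule for both load balancer types, ideally from one shared local, and check the result against the S3 naming rules before it reaches the module.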