CCL-859: add option to specify s3 bucket prefixes, update README.md (#…

…196)
UKHomeOffice · Nov 18, 2024 · e696160 · e696160
1 parent 6632b39
commit e696160
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 10 deletions.
diff --git a/modules/aws/networking/alb/README.md b/modules/aws/networking/alb/README.md
@@ -1,9 +1,6 @@
-<!-- BEGIN_TF_DOCS -->
-# Terraform Module - ALB
-
-This module provisions resources for ... ALB
+# Example usage: 
 
-Example usage: terragrunt.hcl
+## terragrunt.hcl
 
 ```hcl
 inputs = {
@@ -55,14 +52,22 @@ inputs = {
   ]
 }
 ``` 
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+No requirements.
+
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
-## Requirements
 
-No requirements.
+## Modules
+
+No modules.
+
 ## Resources
 
 | Name | Type |
@@ -72,14 +77,19 @@ No requirements.
 | [aws_lb_target_group.lb_target_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |
 | [aws_lb_target_group_attachment.lb_target_group_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group_attachment) | resource |
 | [aws_security_group.sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_access_logs_bucket"></a> [access\_logs\_bucket](#input\_access\_logs\_bucket) | S3 bucket for NLB access logs | `string` | n/a | yes |
+| <a name="input_access_logs_bucket_prefix"></a> [access\_logs\_bucket\_prefix](#input\_access\_logs\_bucket\_prefix) | S3 bucket prefix if bucket is stored outside root account | `string` | `""` | no |
+| <a name="input_access_logs_enabled"></a> [access\_logs\_enabled](#input\_access\_logs\_enabled) | access\_logs\_enabled - true or false | `string` | n/a | yes |
 | <a name="input_certificate_arn"></a> [certificate\_arn](#input\_certificate\_arn) | ARN of the SSL certificate for HTTPS listener | `string` | n/a | yes |
 | <a name="input_egress_rules"></a> [egress\_rules](#input\_egress\_rules) | A list of egress rules | <pre>list(object({<br/>    from_port   = number<br/>    to_port     = number<br/>    protocol    = string<br/>    cidr_blocks  = list(string)<br/>    description = string<br/>  }))</pre> | n/a | yes |
-| <a name="input_enable_deletion_protection"></a> [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | enable\_deletion\_protection true or false | `string` | n/a | yes |
+| <a name="input_enable_cross_zone_load_balancing"></a> [enable\_cross\_zone\_load\_balancing](#input\_enable\_cross\_zone\_load\_balancing) | enable\_cross\_zone\_load\_balancing - true or false | `string` | n/a | yes |
+| <a name="input_enable_deletion_protection"></a> [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | enable\_deletion\_protection - true or false | `string` | n/a | yes |
+| <a name="input_enable_http2"></a> [enable\_http2](#input\_enable\_http2) | enable\_http2 - true or false | `string` | n/a | yes |
 | <a name="input_ingress_rules"></a> [ingress\_rules](#input\_ingress\_rules) | A list of ingress rules | <pre>list(object({<br/>    from_port   = number<br/>    to_port     = number<br/>    protocol    = string<br/>    cidr_blocks  = list(string)<br/>    description = string<br/>  }))</pre> | n/a | yes |
 | <a name="input_load_balancer_internal"></a> [load\_balancer\_internal](#input\_load\_balancer\_internal) | load\_balancer\_internal - true or false | `string` | n/a | yes |
 | <a name="input_load_balancer_type"></a> [load\_balancer\_type](#input\_load\_balancer\_type) | load\_balancer\_type - network or application | `string` | n/a | yes |
@@ -91,12 +101,11 @@ No requirements.
 | <a name="input_tg_port"></a> [tg\_port](#input\_tg\_port) | target group port | `string` | n/a | yes |
 | <a name="input_tg_protocol"></a> [tg\_protocol](#input\_tg\_protocol) | target group protocol | `string` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID where NLB will be deployed | `string` | n/a | yes |
+
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | <a name="output_alb_dns_name"></a> [alb\_dns\_name](#output\_alb\_dns\_name) | The DNS name of the LB |
 | <a name="output_alb_security_group_id"></a> [alb\_security\_group\_id](#output\_alb\_security\_group\_id) | n/a |
-
-
 <!-- END_TF_DOCS -->
diff --git a/modules/aws/networking/alb/main.tf b/modules/aws/networking/alb/main.tf
@@ -10,6 +10,7 @@ resource "aws_lb" "lb" {
 
   access_logs {
     bucket  = var.access_logs_bucket
+    prefix  = var.access_logs_bucket_prefix
     enabled = var.access_logs_enabled
   }
 

diff --git a/modules/aws/networking/alb/variables.tf b/modules/aws/networking/alb/variables.tf
@@ -35,6 +35,12 @@ variable "access_logs_bucket" {
   description = "S3 bucket for NLB access logs"
 }
 
+variable "access_logs_bucket_prefix" {
+  type        = string
+  description = "S3 bucket prefix if bucket is stored outside root account"
+  default     = ""
+}
+
 variable "access_logs_enabled" {
   type        = string
   description = "access_logs_enabled - true or false"