feat(modules/alb): access and connection logs configuration

saumitra-dev · saumitra-dev · commit 788c0df64f4d · 2024-08-06T15:28:13.000+05:30
diff --git a/modules/alb/main.tf b/modules/alb/main.tf
@@ -15,6 +15,28 @@ resource "aws_lb" "this" {
   preserve_host_header       = var.preserve_host_header
   enable_deletion_protection = var.enable_deletion_protection
 
+  dynamic "access_logs" {
+    for_each = var.access_logs != null ? [var.access_logs] : []
+    iterator = access_log
+
+    content {
+      bucket  = access_log.value.bucket
+      enabled = access_log.value.enabled
+      prefix  = access_log.value.prefix
+    }
+  }
+
+  dynamic "connection_logs" {
+    for_each = var.connection_logs != null ? [var.connection_logs] : []
+    iterator = connection_log
+
+    content {
+      bucket  = connection_log.value.bucket
+      enabled = connection_log.value.enabled
+      prefix  = connection_log.value.prefix
+    }
+  }
+
   tags = var.tags
 }
 
diff --git a/modules/alb/variables.tf b/modules/alb/variables.tf
@@ -37,6 +37,26 @@ variable "enable_deletion_protection" {
   default     = false
 }
 
+variable "access_logs" {
+  description = "(Optional) Access Logs block."
+  type = object({
+    bucket  = string
+    enabled = optional(bool, true)
+    prefix  = optional(string, null)
+  })
+  default = null
+}
+
+variable "connection_logs" {
+  description = "(Optional) Connection Logs block."
+  type = object({
+    bucket  = string
+    enabled = optional(bool, false)
+    prefix  = optional(string, null)
+  })
+  default = null
+}
+
 variable "tags" {
   description = "(Optional) Map of tags to assign to the resource."
   type        = map(string)
diff --git a/tests/alb_unit_tests.tftest.hcl b/tests/alb_unit_tests.tftest.hcl
@@ -21,6 +21,18 @@ run "lb_attributes_match" {
     preserve_host_header       = true
     enable_deletion_protection = true
 
+    access_logs = {
+      bucket  = "example-access-logs-bucket"
+      enabled = true
+      prefix  = "example-access-logs-bucket-prefix"
+    }
+
+    connection_logs = {
+      bucket  = "example-connection-logs-bucket"
+      enabled = true
+      prefix  = "example-connection-logs-bucket-prefix"
+    }
+
     listeners = {}
 
     tags = {
@@ -57,6 +69,16 @@ run "lb_attributes_match" {
     error_message = "Enable deletion protection mismatch"
   }
 
+  assert {
+    condition     = aws_lb.this.access_logs[0] == var.access_logs
+    error_message = "Access logs mismatch"
+  }
+
+  assert {
+    condition     = aws_lb.this.connection_logs[0] == var.connection_logs
+    error_message = "Connection logs mismatch"
+  }
+
   assert {
     condition     = aws_lb.this.tags == var.tags
     error_message = "Tags mismatch"
