Merge pull request #1 from QuiNovas/develop

First checkin
QuiNovas · Aug 23, 2018 · 3cfac56 · 3cfac56
2 parents cb1f4b4 + 93fdfd7
commit 3cfac56
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+.idea/
+*.iml
diff --git a/README.md b/README.md
@@ -0,0 +1,11 @@
+# terraform-aws-lambda-functions-bucket
+
+This module creates a bucket for log storage, including from other S3 buckets
+
+## Authors
+
+Module managed by Quinovas (https://github.com/QuiNovas)
+
+## License
+
+Apache License, Version 2.0, January 2004 (http://www.apache.org/licenses/). See LICENSE for full details.
diff --git a/main.tf b/main.tf
@@ -0,0 +1,72 @@
+resource "aws_s3_bucket" "log" {
+  bucket  = "${var.name_prefix}-log"
+  acl     = "log-delivery-write"
+  lifecycle {
+    prevent_destroy = true
+  }
+  lifecycle_rule {
+    id      = "log"
+    prefix  = "/"
+    enabled = true
+
+    transition {
+      days = 30
+      storage_class = "GLACIER"
+    }
+
+    expiration {
+      days = 2555
+    }
+  }
+}
+
+data "aws_elb_service_account" "main" {}
+
+data "aws_iam_policy_document" "log" {
+
+  statement {
+    actions   = [
+      "s3:PutObject"
+    ]
+    principals {
+      identifiers = [
+        "${data.aws_elb_service_account.main.arn}"
+      ]
+      type = "AWS"
+    }
+    resources = [
+      "${aws_s3_bucket.log.arn}/elb/*"
+    ]
+    sid       = "EnableELBLogging"
+  }
+
+  statement {
+    actions = [
+      "s3:*"
+    ]
+    condition {
+      test = "Bool"
+      values = [
+        "false"
+      ]
+      variable = "aws:SecureTransport"
+    }
+    effect = "Deny"
+    principals {
+      identifiers = [
+        "*"
+      ]
+      type = "AWS"
+    }
+    resources = [
+      "${aws_s3_bucket.log.arn}",
+      "${aws_s3_bucket.log.arn}/*"
+    ]
+    sid = "DenyUnsecuredTransport"
+  }
+}
+
+resource "aws_s3_bucket_policy" "log" {
+  bucket = "${aws_s3_bucket.log.id}"
+  policy = "${data.aws_iam_policy_document.log.json}"
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,9 @@
+output "arn" {
+  description = "The ARN of the bucket. Will be of format arn:aws:s3:::bucketname."
+  value       = "${aws_s3_bucket.log.arn}"
+}
+
+output "id" {
+  description = "The name of the bucket."
+  value       = "${aws_s3_bucket.log.id}"
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,4 @@
+variable "name_prefix" {
+  description = "The name prefix to use when creating resource names"
+  type        = "string"
+}