attach_lb_log_delivery_policy Does Not Include aws:SourceAccount and aws:SourceArn Checks #324

Open
@stewartcampbell

Description

When using attach_lb_log_delivery_policy, the full policy shown at https://docs.aws.amazon.com/elasticloadbalancing/latest/network/enable-access-logs.html is not used.

The conditions specifying aws:SourceAccount and aws:SourceArn are not included.

See

data "aws_iam_policy_document" "lb_log_delivery" {

I see we can lock down a bit more using lb_log_delivery_policy_source_organizations; however, ideally, we should be able to lock down to a single or multiple accounts.

Is this intentional? Or is it a missing variable that could be added, e.g., lb_log_delivery_policy_source_accounts?

  • ✋ I have searched the open/closed issues and my issue is not listed.

Versions

  • Module version [Required]: latest

  • Terraform version: latest

  • Provider version(s): latest

Reproduction Code [Required]

See above

Expected behavior

We should be able to enforce only allowing logs from a single or multiple accounts.

Actual behavior

Terminal Output Screenshot(s)

Additional context
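The account-scoped policy the issue asks for, shown as an added example that is neither the module's own code nor the reporter's. It follows the two-statement shape of the linked AWS document and assumes three inputs that are not in the issue: var.bucket_name, var.region and var.source_account_ids (the accounts allowed to deliver logs).

```hcl
data "aws_iam_policy_document" "lb_log_delivery_scoped" {
  # Assumed inputs (not from the issue): var.bucket_name, var.region, var.source_account_ids.
  statement {
    sid       = "AWSLogDeliveryAclCheck"
    effect    = "Allow"
    actions   = ["s3:GetBucketAcl"]
    resources = ["arn:aws:s3:::${var.bucket_name}"]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
    # Confused-deputy guard: the service principal is shared by every AWS customer.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = var.source_account_ids
    }
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = [for id in var.source_account_ids : "arn:aws:logs:${var.region}:${id}:*"]
    }
  }
  statement {
    sid       = "AWSLogDeliveryWrite"
    effect    = "Allow"
    actions   = ["s3:PutObject"]
    # Each allowed account may only write under its own AWSLogs/<account-id>/ prefix.
    resources = [for id in var.source_account_ids : "arn:aws:s3:::${var.bucket_name}/AWSLogs/${id}/*"]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = var.source_account_ids
    }
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = [for id in var.source_account_ids : "arn:aws:logs:${var.region}:${id}:*"]
    }
  }
}
```

Attach the rendered document via an aws_s3_bucket_policy resource (policy = data.aws_iam_policy_document.lb_log_delivery_scoped.json); a delivery request on behalf of any account outside var.source_account_ids is then denied by the bucket policy.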
