-
Notifications
You must be signed in to change notification settings - Fork 887
/
loadbalancer-accesslogs-existingbucket.config
61 lines (57 loc) · 3.37 KB
/
loadbalancer-accesslogs-existingbucket.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
###################################################################################################
#### Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
####
#### Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file
#### except in compliance with the License. A copy of the License is located at
####
#### http://aws.amazon.com/apache2.0/
####
#### or in the "license" file accompanying this file. This file is distributed on an "AS IS"
#### BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#### License for the specific language governing permissions and limitations under the License.
###################################################################################################
###################################################################################################
#### This file configures your environment's load balancer to update access logs to an existing
#### bucket. Specify the name of your bucket in the Parameters section below. You can also set a
#### prefix for the load balancer to add to the log files in addition to the default prefix, which
#### starts with "AWSLogs" and looks similar to the following:
#### AWSLogs/123456789012/elasticloadbalancing/us-west-2/2017/09/01
####
#### Use this example if you're using a classic load balancer. If you're using one of the newer
#### load balancer types, network load balancer or application load balancer, you don't need the
#### style of configuration shown in this example. With these load balancer types, we support native
#### Elastic Beanstalk options to enable uploading logs to S3 and to configure the S3 bucket.
#### The options are in the aws:elbv2:loadbalancer namespace. You can also configure these options
#### using the Elastic Beanstalk console.
####
#### The load balancer must have permission to upload logs to the bucket. See the following topic
#### for instructions on creating or updating a bucket policy:
#### http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-access-logs.html
####
#### If you don't already have a bucket policy, you can apply one with commands like the following:
#### $ ELBACCOUNT=797873946194 # For us-west-2, see above topic for other regions
#### $ BUCKET=my-bucket
#### $ PREFIX=my-app/
#### $ aws s3api put-bucket-policy --bucket ${BUCKET} --policy "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::${ELBACCOUNT}:root\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::${BUCKET}/${PREFIX}AWSLogs/*\"}]}"
###################################################################################################
Parameters:
bucket:
Type: String
Description: "Name of the Amazon S3 bucket in which to store load balancer logs"
Default: "my-bucket"
bucketprefix:
Type: String
Description: "Optional prefix. Can't start or end with a /, or contain the word AWSLogs"
Default: ""
##############################################
#### Do not modify values below this line ####
##############################################
Resources:
AWSEBLoadBalancer:
Type: AWS::ElasticLoadBalancing::LoadBalancer
Properties:
AccessLoggingPolicy:
EmitInterval: 5
Enabled: true
S3BucketName: { "Ref" : "bucket" }
S3BucketPrefix: { "Ref" : "bucketprefix" }