Permalink
Switch branches/tags
Nothing to show
Find file Copy path
aa081f8 Oct 13, 2017
1 contributor

Users who have contributed to this file

92 lines (86 sloc) 2.87 KB
###################################################################################################
#### Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
####
#### Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file
#### except in compliance with the License. A copy of the License is located at
####
#### http://aws.amazon.com/apache2.0/
####
#### or in the "license" file accompanying this file. This file is distributed on an "AS IS"
#### BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#### License for the specific language governing permissions and limitations under the License.
###################################################################################################
###################################################################################################
#### This configuration file creates a new bucket with a policy that allows ELB to write logs to it
#### and configures your environment's load balancer to upload logs.
###################################################################################################
Mappings:
Region2ELBAccountId:
us-east-1:
AccountId: "127311923021"
us-west-2:
AccountId: "797873946194"
us-west-1:
AccountId: "027434742980"
eu-west-1:
AccountId: "156460612806"
eu-central-1:
AccountId: "054676820928"
ap-southeast-1:
AccountId: "114774131450"
ap-northeast-1:
AccountId: "582318560864"
ap-southeast-2:
AccountId: "783225319266"
ap-northeast-2:
AccountId: "600734575887"
sa-east-1:
AccountId: "507241528517"
cn-north-1:
AccountId: "638102146993"
Resources:
AWSEBLoadBalancer:
Properties:
AccessLoggingPolicy:
EmitInterval: 5
Enabled: true
S3BucketName:
Ref: LogsBucket
Type: "AWS::ElasticLoadBalancing::LoadBalancer"
DependsOn: "LogsBucketPolicy"
LogsBucket:
DeletionPolicy: Retain
Type: "AWS::S3::Bucket"
LogsBucketPolicy:
Properties:
Bucket:
Ref: LogsBucket
PolicyDocument:
Statement:
-
Action:
- "s3:PutObject"
Effect: Allow
Principal:
AWS:
? "Fn::FindInMap"
:
- Region2ELBAccountId
-
Ref: "AWS::Region"
- AccountId
Resource:
? "Fn::Join"
:
- ""
-
- "arn:aws:s3:::"
-
Ref: LogsBucket
- /AWSLogs/
-
Ref: "AWS::AccountId"
- /*
Sid: ELBAccessLogs20130930
Version: "2008-10-17"
Type: "AWS::S3::BucketPolicy"