Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fivexl/terraform-aws-s3-server-access-logs-lake
This repository contains Terraform modules for setting up a centralized log-archive account for server access logs from multiple accounts in an AWS Organization. The modules are designed to replicate logs from various accounts to a designated log-archive account, where they can be stored and queried for further analysis.
https://github.com/fivexl/terraform-aws-s3-server-access-logs-lake
Last synced: 8 days ago
JSON representation
This repository contains Terraform modules for setting up a centralized log-archive account for server access logs from multiple accounts in an AWS Organization. The modules are designed to replicate logs from various accounts to a designated log-archive account, where they can be stored and queried for further analysis.
- Host: GitHub
- URL: https://github.com/fivexl/terraform-aws-s3-server-access-logs-lake
- Owner: fivexl
- License: apache-2.0
- Created: 2024-10-21T07:28:13.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2024-11-28T11:34:11.000Z (about 1 month ago)
- Last Synced: 2024-11-28T12:28:45.090Z (about 1 month ago)
- Language: HCL
- Homepage: https://registry.terraform.io/modules/fivexl/s3-server-access-logs-lake/aws/latest
- Size: 30.3 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Terraform-aws-s3-server-access-logs-lake
This repository contains Terraform modules for setting up a centralized log-archive account for server access logs from multiple accounts in an AWS Organization. The modules are designed to replicate logs from various accounts to a designated log-archive account, where they can be stored and queried for further analysis.
# Terraform AWS S3 Server Access Logs Lake Delivery Configuration Module
This module simplifies the replication of server access logs from multiple accounts in an AWS Organization to a centralized log-archive account. It provisions an IAM role and policy for S3 bucket replication and configures cross-account replication for log delivery.
### Features:
- IAM role and policy for S3 replication
- Replication configuration for cross-account log delivery
### Usage:
Utilize this module to replicate server access logs from various accounts in your AWS Organization to a designated log-archive account. Provide the following inputs:
- `source_bucket_arn`
- `destination_account_id`
- `destination_bucket_arn`
This will set up the necessary replication configuration to transfer logs to the log-archive bucket.
---
# Terraform AWS S3 Server Access Logs Target Module
This module provisions an S3 bucket specifically designed to store replicated access logs from multiple S3 buckets in other accounts within your AWS Organization.
### Features:
- Creates an S3 bucket using FivexL's `s3_baseline` module, designed to serve as the target for log replication
- Configures a bucket policy that permits the replication of logs from other accounts in the organization
- Creates a Glue table for querying logs via Athena
### Usage:
Deploy this module in the log-archive account. The resulting S3 bucket will serve as the target for logs replicated from other accounts. Each account in the organization will only be able to write logs to their respective prefix (e.g., `arn:aws:s3:::${bucket_name}/$${aws:PrincipalAccount}/*`).
The generated Glue table enables querying of the logs via AWS Athena for further analysis.
---
## Review Links
- [Review recent changes](https://github.com/fivexl/terraform-aws-s3-server-access-logs-lake/compare/main@%7B7day%7D...main)
- [Branch-based review](https://github.com/fivexl/terraform-aws-s3-server-access-logs-lake/compare/review...main)