Module: s3-log-storage
This module creates an S3 bucket suitable for receiving logs from other AWS
services such as S3, CloudFront, and CloudTrail.
This module implements a configurable log retention policy, which allows you to efficiently manage logs across different storage classes (e.g. Glacier) and ultimately expire the data altogether.
It enables default server-side encryption.
It blocks public access to the bucket by default.
As of March, 2022, this module is primarily a wrapper around our s3-bucket
module, with some options preconfigured and SQS notifications added. If it does not exactly suit your needs,
you may want to use the s3-bucket module directly.
As of version 1.0 of this module, most of the inputs are marked nullable = false,
meaning you can pass in null and get the default value rather than having the
input be actually set to null. This is technically a breaking change from previous versions,
but since null was not a valid value for most of these variables, we are not considering it
a truly breaking change. However, be mindful that the behavior of inputs set to null
may change in the future, so we recommend setting them to the desired value explicitly.
Usage
This module supports full S3 storage lifecycle configuration via our s3-bucket module:
locals {
  lifecycle_configuration_rule = {
    enabled = true # bool
    id      = "v2rule"

    abort_incomplete_multipart_upload_days = 1 # number

    filter_and = null
    expiration = {
      days = 120 # integer > 0
    }
    noncurrent_version_expiration = {
      newer_noncurrent_versions = 3  # integer > 0
      noncurrent_days           = 60 # integer >= 0
    }
    transition = [{
      days          = 30            # integer >= 0
      storage_class = "STANDARD_IA" # string/enum, one of GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE, GLACIER_IR.
      },
      {
        days          = 60           # integer >= 0
        storage_class = "ONEZONE_IA" # string/enum, one of GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE, GLACIER_IR.
    }]
    noncurrent_version_transition = [{
      newer_noncurrent_versions = 3            # integer >= 0
      noncurrent_days           = 30           # integer >= 0
      storage_class             = "ONEZONE_IA" # string/enum, one of GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, DEEP_ARCHIVE, GLACIER_IR.
    }]
  }
}

module "log_storage" {
  source = "cloudposse/s3-log-storage/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version = "x.x.x"

  name      = "logs"
  stage     = "test"
  namespace = "eg"

  versioning_enabled = true

  # The rule is defined in the locals block above, so reference it with local., not var.
  lifecycle_configuration_rules = [local.lifecycle_configuration_rule]
}
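
A retention rule like the one in the usage example above can be linted before it is applied, so that logs are not expired earlier than intended. The following Python check is an added example, not part of this module or Cloud Posse's code; it re-types the page's lifecycle_configuration_rule as a dict, and the names check_rule and MIN_RETENTION_DAYS (with its value of 90) are assumptions chosen for illustration.

```python
# Added example, not from the module: lint a lifecycle rule before `terraform apply`.
# The dict mirrors the page's `lifecycle_configuration_rule` local.
MIN_RETENTION_DAYS = 90   # assumption: your own retention floor for log data
IA_CLASSES = {"STANDARD_IA", "ONEZONE_IA"}
IA_MIN_AGE_DAYS = 30      # S3's documented minimum object age for IA transitions

PAGE_RULE = {  # values copied from the usage example above
    "enabled": True,
    "id": "v2rule",
    "expiration": {"days": 120},
    "noncurrent_version_expiration": {"newer_noncurrent_versions": 3, "noncurrent_days": 60},
    "transition": [
        {"days": 30, "storage_class": "STANDARD_IA"},
        {"days": 60, "storage_class": "ONEZONE_IA"},
    ],
    "noncurrent_version_transition": [
        {"newer_noncurrent_versions": 3, "noncurrent_days": 30, "storage_class": "ONEZONE_IA"},
    ],
}


def check_rule(rule, min_retention=MIN_RETENTION_DAYS):
    """Return a list of findings; an empty list means the rule passed every check."""
    findings = []
    if not rule.get("enabled"):
        findings.append("rule is disabled, so nothing is tiered or expired")
    # Current and noncurrent versions follow the same shape with different age keys.
    for key, age in (("transition", "days"), ("noncurrent_version_transition", "noncurrent_days")):
        steps = rule.get(key) or []
        ages = [s[age] for s in steps]
        if ages != sorted(set(ages)):
            findings.append(f"{key}: {age} must be strictly increasing, got {ages}")
        for s in steps:
            if s["storage_class"] in IA_CLASSES and s[age] < IA_MIN_AGE_DAYS:
                findings.append(f"{key}: {s['storage_class']} at {s[age]}d is under {IA_MIN_AGE_DAYS}d")
        exp_key = "expiration" if key == "transition" else "noncurrent_version_expiration"
        expire = (rule.get(exp_key) or {}).get(age)
        if expire is not None and ages and expire <= max(ages):
            findings.append(f"{exp_key}: {expire}d is not after the last {key} at {max(ages)}d")
    # Policy check: current log objects must survive at least the retention floor.
    expire = (rule.get("expiration") or {}).get("days")
    if expire is not None and expire < min_retention:
        findings.append(f"expiration: logs deleted after {expire}d, floor is {min_retention}d")
    return findings


if __name__ == "__main__":
    for finding in check_rule(PAGE_RULE) or ["ok"]:
        print(finding)
```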