v1.3: add s3-flow-logs, rename access-logs to s3-access-logs

terraform-modules · Feb 23, 2021 · c155ba9 · c155ba9
1 parent 5f93855
commit c155ba9
Showing 1 changed file with 83 additions and 0 deletions.
diff --git a/s3-flow-logs/README.md b/s3-flow-logs/README.md
@@ -0,0 +1,83 @@
+# aws-inf-setup :: s3-flow-logs
+
+This set up the needed components for S3 VPC flow log bucket.  Only one flow log bucket is  
+needed
+
+* S3 bucket
+* S3 bucket objects (key prefixes, aka "directories")
+* S3 bucket policy
+
+# Usage  
+Here is a simple example, the one most commonly expected to be used.
+
+```hcl
+module "flowlogs" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//s3-flow-flowlogs"
+}
+```
+
+This one can be used if you need to customize stuff, though really, the defaults are all built  
+for a reason, and deployment code (i.e., Ansible) will expect these defaults to be used in  
+variable file generation.
+
+```hcl
+module "flowlogs_full" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//s3-flow-flowlogs"
+
+  # optional
+  account_alias         = "do2-govcloud"
+  bucket_name           = "inf-flowlogs-123456789012"
+
+  # flowlogs is generally not needed and not recommended
+  component_tags        = {
+    "s3" = {
+      "SpecialTag1" = "something"
+      "SpecialTag2" = "somethingElse"
+    }
+  }
+}
+```
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Modules
+
+No Modules.
+
+## Resources
+
+| Name |
+|------|
+| [aws_arn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) |
+| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) |
+| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
+| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) |
+| [aws_s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) |
+| [aws_s3_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) |
+| [aws_s3_bucket_public_access_block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| account\_alias | AWS Account Alias (required) | `string` | `""` | no |
+| account\_id | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| bucket\_name | VPC Flow Logs S3 bucket name | `string` | `""` | no |
+| bucket\_name\_prefix | VPC Flow Logs S3 bucket prefix, prepended to the AWS account ID to make the bucket name. | `string` | `"inf-flowlogs"` | no |
+| component\_tags | Additional tags for Components (s3, kms, ddb) | `map(map(string))` | <pre>{<br>  "ddb": {},<br>  "kms": {},<br>  "s3": {}<br>}</pre> | no |
+| override\_prefixes | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| tags | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| flowlogs\_bucket\_arn | VPC Flow Logs S3 bucket ARN |