diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1ebabe4..45bb52d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Change Log
+## [1.0.8] - 2023-05-11
+
+### Added
+
+- variable `alb_access_logs_bucket_name`
+- variable `is_enable_access_log`
+- Support alb access_logs
+
+### Changes
+- cluster_name length change from 19 to 25
+
 ## [1.0.7] - 2022-12-22
 ### Added
diff --git a/README.md b/README.md
index d1b2a24..0fd2ab7 100644
--- a/README.md
+++ b/README.md
@@ -10,92 +10,94 @@ Please see at `examples/simple` ## Requirements -| Name | Version | -|---------------------------------------------------------------------------|----------| +| Name | Version | +|------|---------| | [terraform](#requirement\_terraform) | >= 1.0.0 | -| [aws](#requirement\_aws) | >= 4.00 | +| [aws](#requirement\_aws) | >= 4.00 | ## Providers -| Name | Version | -|---------------------------------------------------|---------| -| [aws](#provider\_aws) | 4.8.0 | +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.00 | ## Modules -| Name | Source | Version | -|----------------------------------------------------------------------------------------------|-------------------|---------| -| [application\_record](#module\_application\_record) | oozou/route53/aws | 1.0.2 | +| Name | Source | Version | +|------|--------|---------| +| [application\_record](#module\_application\_record) | oozou/route53/aws | 1.0.2 | ## Resources -| Name | Type | -|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------| -| [aws_ecs_capacity_provider.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_capacity_provider) | resource | -| [aws_ecs_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster) | resource | -| [aws_ecs_cluster_capacity_providers.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster_capacity_providers) | resource | -| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_lb.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | -| [aws_lb_listener.front_end_https_http_redirect](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource 
| -| [aws_lb_listener.http](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource | -| [aws_security_group.alb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group.ecs_tasks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group_rule.alb_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.alb_to_tasks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.ecs_tasks_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.leaving_alb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.public_to_alb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.public_to_alb_http](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.tasks_to_tasks_all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.tasks_to_world](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| Name | Type | +|------|------| +| [aws_ecs_capacity_provider.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_capacity_provider) | resource | +| [aws_ecs_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster) | resource | +| 
[aws_ecs_cluster_capacity_providers.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_cluster_capacity_providers) | resource | +| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_lb.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | +| [aws_lb_listener.front_end_https_http_redirect](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource | +| [aws_lb_listener.http](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource | +| [aws_security_group.alb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group.ecs_tasks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_security_group_rule.alb_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.alb_to_tasks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.ecs_tasks_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.leaving_alb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.public_to_alb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.public_to_alb_http](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| 
[aws_security_group_rule.tasks_to_tasks_all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | +| [aws_security_group_rule.tasks_to_world](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | | [aws_service_discovery_private_dns_namespace.internal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/service_discovery_private_dns_namespace) | resource | ## Inputs -| Name | Description | Type | Default | Required | -|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|---------|:--------:| -| [additional\_managed\_policy\_arns](#input\_additional\_managed\_policy\_arns) | Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Terraform will ignore policy attachments to this resource. When configured, Terraform will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., managed\_policy\_arns = []) will cause Terraform to remove all managed policy attachments. 
| `list(string)` | `[]` | no | -| [additional\_security\_group\_alb\_ingress\_rules](#input\_additional\_security\_group\_alb\_ingress\_rules) | Map of ingress and any specific/overriding attributes to be created | `any` | `{}` | no | -| [additional\_security\_group\_ingress\_rules](#input\_additional\_security\_group\_ingress\_rules) | Map of ingress and any specific/overriding attributes to be created | `any` | `{}` | no | -| [alb\_aws\_security\_group\_id](#input\_alb\_aws\_security\_group\_id) | (Require) when is\_create\_alb\_security\_group is set to `false` | `string` | `""` | no | -| [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | Certitificate ARN to link with ALB | `string` | `""` | no | -| [alb\_listener\_port](#input\_alb\_listener\_port) | The port to listen on the ALB for public services (80/443, default 443) | `number` | `443` | no | -| [allow\_access\_from\_principals](#input\_allow\_access\_from\_principals) | A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster | `list(string)` | `[]` | no | -| [capacity\_provider\_asg\_config](#input\_capacity\_provider\_asg\_config) | Auto scaling group arn for capacity provider EC2 | `map(any)` | `null` | no | -| [ecs\_task\_security\_group\_id](#input\_ecs\_task\_security\_group\_id) | (Require) when is\_create\_alb\_security\_group is set to `false` | `string` | `""` | no | -| [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | (Optional) If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | `bool` | `false` | no | -| [environment](#input\_environment) | Environment Variable used as a prefix | `string` | n/a | yes | -| [fully\_qualified\_domain\_name](#input\_fully\_qualified\_domain\_name) | The domain name for the ACM cert for attaching to the ALB i.e. 
*.example.com, www.amazing.com | `string` | `""` | no | -| [is\_create\_alb](#input\_is\_create\_alb) | Whether to create alb or not | `bool` | `true` | no | -| [is\_create\_alb\_dns\_record](#input\_is\_create\_alb\_dns\_record) | Whether to create ALB dns record or not | `bool` | `true` | no | -| [is\_create\_alb\_security\_group](#input\_is\_create\_alb\_security\_group) | Whether to create ALB security group or not | `bool` | `true` | no | -| [is\_create\_ecs\_task\_security\_group](#input\_is\_create\_ecs\_task\_security\_group) | Whether to create ECS tasks security group or not | `bool` | `true` | no | -| [is\_create\_role](#input\_is\_create\_role) | Whether to create ecs role or not | `bool` | `true` | no | -| [is\_enable\_container\_insights](#input\_is\_enable\_container\_insights) | Whether to be used to enable CloudWatch Container Insights for a cluster. | `bool` | `true` | no | -| [is\_ignore\_unsecured\_connection](#input\_is\_ignore\_unsecured\_connection) | Whether to by pass the HTTPs endpoints required or not | `bool` | `false` | no | -| [is\_public\_alb](#input\_is\_public\_alb) | Flag for Internal/Public ALB. ALB is production env should be public | `bool` | `false` | no | -| [name](#input\_name) | Name of the ECS cluster to create | `string` | n/a | yes | -| [prefix](#input\_prefix) | The prefix name of customer to be displayed in AWS console and resource | `string` | n/a | yes | -| [private\_subnet\_ids](#input\_private\_subnet\_ids) | Private subnets for container deployment | `list(string)` | `[]` | no | -| [public\_subnet\_ids](#input\_public\_subnet\_ids) | Public subnets for AWS Application Load Balancer deployment | `list(string)` | `[]` | no | -| [route53\_hosted\_zone\_name](#input\_route53\_hosted\_zone\_name) | The domain name in Route53 to fetch the hosted zone, i.e. example.com, mango-dev.blue.cloud | `string` | `""` | no | -| [tags](#input\_tags) | Custom tags which can be passed on to the AWS resources. 
They should be key value pairs having distinct keys | `map(any)` | `{}` | no | -| [vpc\_id](#input\_vpc\_id) | VPC to deploy the cluster in | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [additional\_managed\_policy\_arns](#input\_additional\_managed\_policy\_arns) | Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Terraform will ignore policy attachments to this resource. When configured, Terraform will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., managed\_policy\_arns = []) will cause Terraform to remove all managed policy attachments. | `list(string)` | `[]` | no | +| [additional\_security\_group\_alb\_ingress\_rules](#input\_additional\_security\_group\_alb\_ingress\_rules) | Map of ingress and any specific/overriding attributes to be created | `any` | `{}` | no | +| [additional\_security\_group\_ingress\_rules](#input\_additional\_security\_group\_ingress\_rules) | Map of ingress and any specific/overriding attributes to be created | `any` | `{}` | no | +| [alb\_access\_logs\_bucket\_name](#input\_alb\_access\_logs\_bucket\_name) | ALB access\_logs S3 bucket name. 
| `string` | n/a | yes | +| [alb\_aws\_security\_group\_id](#input\_alb\_aws\_security\_group\_id) | (Require) when is\_create\_alb\_security\_group is set to `false` | `string` | `""` | no | +| [alb\_certificate\_arn](#input\_alb\_certificate\_arn) | Certitificate ARN to link with ALB | `string` | `""` | no | +| [alb\_listener\_port](#input\_alb\_listener\_port) | The port to listen on the ALB for public services (80/443, default 443) | `number` | `443` | no | +| [allow\_access\_from\_principals](#input\_allow\_access\_from\_principals) | A list of Account Numbers, ARNs, and Service Principals who needs to access the cluster | `list(string)` | `[]` | no | +| [capacity\_provider\_asg\_config](#input\_capacity\_provider\_asg\_config) | Auto scaling group arn for capacity provider EC2 | `map(any)` | `null` | no | +| [ecs\_task\_security\_group\_id](#input\_ecs\_task\_security\_group\_id) | (Require) when is\_create\_alb\_security\_group is set to `false` | `string` | `""` | no | +| [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | (Optional) If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. | `bool` | `false` | no | +| [environment](#input\_environment) | Environment Variable used as a prefix | `string` | n/a | yes | +| [fully\_qualified\_domain\_name](#input\_fully\_qualified\_domain\_name) | The domain name for the ACM cert for attaching to the ALB i.e. 
*.example.com, www.amazing.com | `string` | `""` | no | +| [is\_create\_alb](#input\_is\_create\_alb) | Whether to create alb or not | `bool` | `true` | no | +| [is\_create\_alb\_dns\_record](#input\_is\_create\_alb\_dns\_record) | Whether to create ALB dns record or not | `bool` | `true` | no | +| [is\_create\_alb\_security\_group](#input\_is\_create\_alb\_security\_group) | Whether to create ALB security group or not | `bool` | `true` | no | +| [is\_create\_ecs\_task\_security\_group](#input\_is\_create\_ecs\_task\_security\_group) | Whether to create ECS tasks security group or not | `bool` | `true` | no | +| [is\_create\_role](#input\_is\_create\_role) | Whether to create ecs role or not | `bool` | `true` | no | +| [is\_enable\_access\_log](#input\_is\_enable\_access\_log) | Boolean to enable / disable access\_logs. Defaults to false, even when bucket is specified. | `bool` | `false` | no | +| [is\_enable\_container\_insights](#input\_is\_enable\_container\_insights) | Whether to be used to enable CloudWatch Container Insights for a cluster. | `bool` | `true` | no | +| [is\_ignore\_unsecured\_connection](#input\_is\_ignore\_unsecured\_connection) | Whether to by pass the HTTPs endpoints required or not | `bool` | `false` | no | +| [is\_public\_alb](#input\_is\_public\_alb) | Flag for Internal/Public ALB. 
ALB is production env should be public | `bool` | `false` | no | +| [name](#input\_name) | Name of the ECS cluster to create | `string` | n/a | yes | +| [prefix](#input\_prefix) | The prefix name of customer to be displayed in AWS console and resource | `string` | n/a | yes | +| [private\_subnet\_ids](#input\_private\_subnet\_ids) | Private subnets for container deployment | `list(string)` | `[]` | no | +| [public\_subnet\_ids](#input\_public\_subnet\_ids) | Public subnets for AWS Application Load Balancer deployment | `list(string)` | `[]` | no | +| [route53\_hosted\_zone\_name](#input\_route53\_hosted\_zone\_name) | The domain name in Route53 to fetch the hosted zone, i.e. example.com, mango-dev.blue.cloud | `string` | `""` | no | +| [tags](#input\_tags) | Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys | `map(any)` | `{}` | no | +| [vpc\_id](#input\_vpc\_id) | VPC to deploy the cluster in | `string` | n/a | yes | ## Outputs -| Name | Description | -|-------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------| -| [alb\_arn](#output\_alb\_arn) | ARN of alb | -| [alb\_dns\_name](#output\_alb\_dns\_name) | The DNS name of the load balancer. | -| [alb\_id](#output\_alb\_id) | ID of alb | -| [alb\_listener\_http\_arn](#output\_alb\_listener\_http\_arn) | ARN of the listener (matches id). | -| [alb\_listener\_https\_redirect\_arn](#output\_alb\_listener\_https\_redirect\_arn) | ARN of the listener (matches id). | -| [capacity\_provider\_name](#output\_capacity\_provider\_name) | Name of capacity provider. | -| [ecs\_access\_role\_arn](#output\_ecs\_access\_role\_arn) | Amazon Resource Name (ARN) specifying the role. | -| [ecs\_cluster\_arn](#output\_ecs\_cluster\_arn) | ARN that identifies the cluster. 
| -| [ecs\_cluster\_id](#output\_ecs\_cluster\_id) | ID that identifies the cluster. | -| [ecs\_cluster\_name](#output\_ecs\_cluster\_name) | Name of the cluster | -| [ecs\_task\_security\_group\_id](#output\_ecs\_task\_security\_group\_id) | ID of the security group rule. | -| [service\_discovery\_namespace](#output\_service\_discovery\_namespace) | The ID of a namespace. | +| Name | Description | +|------|-------------| +| [alb\_arn](#output\_alb\_arn) | ARN of alb | +| [alb\_dns\_name](#output\_alb\_dns\_name) | The DNS name of the load balancer. | +| [alb\_id](#output\_alb\_id) | ID of alb | +| [alb\_listener\_http\_arn](#output\_alb\_listener\_http\_arn) | ARN of the listener (matches id). | +| [alb\_listener\_https\_redirect\_arn](#output\_alb\_listener\_https\_redirect\_arn) | ARN of the listener (matches id). | +| [capacity\_provider\_name](#output\_capacity\_provider\_name) | Name of capacity provider. | +| [ecs\_access\_role\_arn](#output\_ecs\_access\_role\_arn) | Amazon Resource Name (ARN) specifying the role. | +| [ecs\_cluster\_arn](#output\_ecs\_cluster\_arn) | ARN that identifies the cluster. | +| [ecs\_cluster\_id](#output\_ecs\_cluster\_id) | ID that identifies the cluster. | +| [ecs\_cluster\_name](#output\_ecs\_cluster\_name) | Name of the cluster | +| [ecs\_task\_security\_group\_id](#output\_ecs\_task\_security\_group\_id) | ID of the security group rule. | +| [service\_discovery\_namespace](#output\_service\_discovery\_namespace) | The ID of a namespace. | diff --git a/locals.tf b/locals.tf index cad92bb..5342caa 100644 --- a/locals.tf +++ b/locals.tf 
@@ -3,7 +3,7 @@
 /* -------------------------------------------------------------------------- */
 locals {
 cluster_name_tmp = "${var.prefix}-${var.environment}-${var.name}"
- cluster_name = substr("${local.cluster_name_tmp}", 0, min(19, length(local.cluster_name_tmp)))
+ cluster_name = substr("${local.cluster_name_tmp}", 0, min(25, length(local.cluster_name_tmp)))
 ecs_task_security_group_id = var.is_create_ecs_task_security_group ? aws_security_group.ecs_tasks[0].id : var.ecs_task_security_group_id
 alb_aws_security_group_id = var.is_create_alb_security_group ? aws_security_group.alb[0].id : var.alb_aws_security_group_id
diff --git a/main.tf b/main.tf
index e3de03f..a77dca2 100644
--- a/main.tf
+++ b/main.tf
@@ -169,11 +169,11 @@ resource "aws_lb" "this" {
 drop_invalid_header_fields = true
 enable_deletion_protection = var.enable_deletion_protection
- # access_logs {
- # bucket = var.alb_access_logs_bucket
- # prefix = "${var.account_alias}/${var.cluster_name}-alb"
- # enabled = true
- # }
+ access_logs {
+ bucket = try(var.alb_access_logs_bucket_name, null)
+ prefix = "${local.cluster_name}-alb"
+ enabled = var.is_enable_access_log
+ }
 tags = merge(local.tags, { "Name" : var.is_public_alb ? format("%s-alb", local.cluster_name) : format("%s-internal-alb", local.cluster_name) })
 }
diff --git a/variables.tf b/variables.tf
index e3a46e3..e5a3aab 100644
--- a/variables.tf
+++ b/variables.tf
@@ -31,6 +31,18 @@ variable "is_enable_container_insights" {
 default = true
 }
+variable "alb_access_logs_bucket_name" {
+ description = "ALB access_logs S3 bucket name."
+ type = string
+}
+
+variable "is_enable_access_log" {
+ description = "Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified."
+ type = bool
+ default = false
+}
+
+
 /* -------------------------------------------------------------------------- */
 /* Security Group */
 /* -------------------------------------------------------------------------- */
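Review bot: Raising the truncation limit from 19 to 25 on the `cluster_name` line changes `local.cluster_name` for every existing deployment whose `prefix-environment-name` string is longer than 19 characters, and the main.tf hunk shows that value feeding the ALB `Name` tag and the new access-logs prefix, so any resource named from it will be renamed or replaced on upgrade. The old limit looks deliberate: 19 plus the 13-character `-internal-alb` suffix is exactly the 32-character maximum for a load balancer name, so if the `aws_lb` `name` argument (outside this hunk) is built the same way as the tag, a 25-character cluster name would be rejected by the API for internal ALBs; worth confirming before merging. At minimum the CHANGELOG entry should flag this as a breaking change rather than listing it under "Changes", and the limit deserves a named local with a comment, e.g. `cluster_name_max_length = 25 # keep "<name>-internal-alb" within the 32-char ALB name limit`.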
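Review bot: `try(var.alb_access_logs_bucket_name, null)` on the new `bucket` line can never fall back to `null`, because `try()` only catches evaluation errors and a declared variable always evaluates; the variables.tf hunk declares `alb_access_logs_bucket_name` with no default, so every caller must now supply a bucket name even with `is_enable_access_log` left at `false`, which contradicts the variable's own description ("even when bucket is specified") and turns an opt-in feature into a required input for every existing user of the module. Giving the variable `default = null` in variables.tf and writing the argument as `bucket = var.alb_access_logs_bucket_name` keeps the feature optional, and the README table should then list the input as not required. Enabling the logs also depends on the target bucket's policy allowing the Elastic Load Balancing log-delivery principal for the region to write under the prefix, which nothing in this diff creates, so extending the description to something like `"S3 bucket for ALB access logs; its bucket policy must allow ELB log delivery for the <cluster_name>-alb prefix"` would save users an apply-time failure. The `aws_lb` resource starts before this hunk.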