Retention period and custom policy for S3-bucket
ramses999 opened this issue
Describe the solution you'd like.
Please add the following features in the case of "Publish flow logs to Amazon S3":
- The ability to specify a "retention period" - for example, after 30 days to delete old files in S3.
  Now there is only the option "flow_log_cloudwatch_log_group_retention_in_days", but there is no such option with the storage type in S3 bucket:
  flow_log_s3_retention_in_days
- The ability for the S3 bucket to specify an additional custom policy of the aws_iam_policy_document format - for example, so that the Athena service can immediately analyze this S3 bucket, and not prescribe the necessary policy with a separate terragrunt file
FYI - I believe this should be on the S3 module, not the VPC, so I have moved it there
@bryantbiggs My request was specifically to the VPC module and its option to send logs to S3 (https://github.com/terraform-aws-modules/terraform-aws-vpc/blob/master/examples/vpc-flow-logs/main.tf#L124)
This has nothing to do with the pure module s3.
Right, but those features you pointed out are specific to the S3 bucket; the VPC module does not provide an S3 bucket.
- The ability to specify a "retention period"
This is available in the S3 module using lifecycle rules
- The ability for the S3 bucket to specify an additional custom policy of the aws_iam_policy_document format - for example, so that the Athena service can immediately analyze this S3 bucket, and not prescribe the necessary policy with a separate terragrunt file
I don't know what this means, but we do have examples for setting up logging buckets
terraform-aws-s3-bucket/examples/complete/main.tf
Lines 66 to 82 in f1b6c7b
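
The split discussed in this thread, as an added example that is not part of the thread and not either module's own example code: the S3 module owns the bucket, its 30-day expiration rule and its `aws_iam_policy_document` policy, and the VPC module only receives the bucket ARN as the flow log destination. The bucket name and CIDR are constructed placeholders, and the policy statements follow the log delivery permissions AWS documents for flow logs published to S3.

```hcl
# Added example; bucket name and CIDR are constructed placeholders.
locals { flow_log_bucket = "example-vpc-flow-logs" }
# Bucket policy: only the log delivery service may write, and only under AWSLogs/.
data "aws_iam_policy_document" "flow_log_s3" {
  statement {
    sid       = "AWSLogDeliveryWrite"
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::${local.flow_log_bucket}/AWSLogs/*"]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
  statement {
    sid       = "AWSLogDeliveryAclCheck"
    actions   = ["s3:GetBucketAcl"]
    resources = ["arn:aws:s3:::${local.flow_log_bucket}"]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
  }
}

module "flow_log_bucket" {
  source        = "terraform-aws-modules/s3-bucket/aws"
  bucket        = local.flow_log_bucket
  attach_policy = true
  policy        = data.aws_iam_policy_document.flow_log_s3.json
  # Retention: expire flow log objects 30 days after creation.
  lifecycle_rule = [{
    id         = "expire-flow-logs"
    enabled    = true
    expiration = { days = 30 }
  }]
}

module "vpc" {
  source                    = "terraform-aws-modules/vpc/aws"
  cidr                      = "10.0.0.0/16"
  enable_flow_log           = true
  flow_log_destination_type = "s3"
  flow_log_destination_arn  = module.flow_log_bucket.s3_bucket_arn
}
```

Statements granting read access to whichever principal runs the Athena queries would go in the same policy document, scoped to that principal rather than to a wildcard.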