Merge pull request #176 from aligent/feature/s3-access-logs

Add s3 access logging option

lib/static-hosting.ts

@@ -14,6 +14,7 @@ export interface StaticHostingProps {
     createPublisherUser?: boolean;
     extraDistributionCnames?: ReadonlyArray<string>;
     enableCloudFrontAccessLogging?: boolean;
+    enableS3AccessLogging?: boolean;
     zoneName?: string;
     /**
      * Used to add Custom origins and behaviors
@@ -46,10 +47,30 @@ export class StaticHosting extends Construct {
         siteNameArray.concat(props.extraDistributionCnames) :
         siteNameArray;
 
+
+        const s3LoggingBucket = (props.enableS3AccessLogging)
+            ? new Bucket(this, 'S3LoggingBucket', {
+                bucketName: `${siteName}-s3-access-logs`,
+                encryption: BucketEncryption.S3_MANAGED,
+                blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
+                removalPolicy: RemovalPolicy.RETAIN,
+                enforceSSL: true
+            })
+            : undefined;
+
+        if (s3LoggingBucket) {
+            new CfnOutput(this, 'S3LoggingBucketName', {
+                description: "S3 Logs",
+                value: s3LoggingBucket.bucketName,
+            });
+        }
+
         const bucket = new Bucket(this, 'ContentBucket', {
             bucketName: siteName,
             encryption: BucketEncryption.S3_MANAGED,
             blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
+            serverAccessLogsBucket: s3LoggingBucket,
+            enforceSSL: true
         });
 
         new CfnOutput(this, 'Bucket', {
@@ -99,6 +120,7 @@ export class StaticHosting extends Construct {
                 encryption: BucketEncryption.S3_MANAGED,
                 blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
                 removalPolicy: RemovalPolicy.RETAIN,
+                enforceSSL: true
             })
             : undefined;