From 28c222bed2d651c2c69b7e0fcf1d133160ec9807 Mon Sep 17 00:00:00 2001
From: Thomas Klein
Date: Fri, 13 Jan 2023 04:28:11 +0100
Subject: [PATCH] use existing bucket for logs
---
 data.tf | 4 ++++
 logs-bucket.tf | 34 ----------------------------------
 security-groups.tf | 2 +-
 settings.tf | 2 +-
 variables.tf | 5 +++++
 5 files changed, 11 insertions(+), 36 deletions(-)
 delete mode 100644 logs-bucket.tf
diff --git a/data.tf b/data.tf
index 6cd5721..d7ec2f6 100644
--- a/data.tf
+++ b/data.tf
@@ -31,6 +31,10 @@ data "aws_subnets" "private_apps" {
 }
 }
+data "aws_s3_bucket" "aws_bucket" {
+ bucket = var.aws_bucket_id
+}
+
 data "aws_region" "current" {}
 data "aws_caller_identity" "current" {}
diff --git a/logs-bucket.tf b/logs-bucket.tf
deleted file mode 100644
index 8100a35..0000000
--- a/logs-bucket.tf
+++ /dev/null
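Review bot: The new `data "aws_s3_bucket" "aws_bucket"` block only looks the bucket up; nothing in the module now guarantees what the deleted logs-bucket.tf used to enforce — the public-access block and the bucket policy granting the ELB service account `s3:PutObject` on `AWSLogs/<account-id>/*` — yet settings.tf still passes this bucket to `AccessLogsS3Bucket`, so the environment update will presumably fail, or access logs silently not arrive, if the existing bucket lacks that policy. A data source cannot validate a bucket policy, so the precondition should at least be stated where the bucket is bound; suggested comment above the block: `# Looked up, not managed: the bucket must already have a public-access block and a policy allowing the ELB service account to PutObject under AWSLogs/<account-id>/* (used by AccessLogsS3Bucket in settings.tf).` If the module is meant to own that grant, keep an `aws_s3_bucket_policy` pointing at `data.aws_s3_bucket.aws_bucket.id` rather than dropping it with the bucket. The same gap applies to the settings.tf hunk and to the new `aws_bucket_id` variable in variables.tf.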
@@ -1,34 +0,0 @@
-resource "aws_s3_bucket" "aws_logs_bucket" {
- bucket = "${var.env_name}-logs-${data.aws_region.current.name}"
- force_destroy = var.production ? false : true
-}
-
-resource "aws_s3_bucket_acl" "aws_logs_bucket_acl" {
- bucket = aws_s3_bucket.aws_logs_bucket.id
- acl = "private"
-}
-
-resource "aws_s3_bucket_public_access_block" "aws_logs_bucket_public_access_block" {
- bucket = aws_s3_bucket.aws_logs_bucket.id
- block_public_acls = true
- block_public_policy = true
- ignore_public_acls = true
- restrict_public_buckets = true
-}
-
-resource "aws_s3_bucket_policy" "aws_logs_bucket_policy" {
- bucket = aws_s3_bucket.aws_logs_bucket.id
- policy = data.aws_iam_policy_document.aws_logs_bucket_policy.json
-}
-
-data "aws_iam_policy_document" "aws_logs_bucket_policy" {
- statement {
- principals {
- # See https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#access-logging-bucket-permissions
- identifiers = [data.aws_elb_service_account.current.arn]
- type = "AWS"
- }
- actions = ["s3:PutObject"]
- resources = ["arn:aws:s3:::${aws_s3_bucket.aws_logs_bucket.id}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"]
- }
-}
diff --git a/security-groups.tf b/security-groups.tf
index e81d4f7..ac49d14 100644
--- a/security-groups.tf
+++ b/security-groups.tf
@@ -51,7 +51,7 @@ resource "aws_security_group" "beanstalk_instances_security_group" {
 vpc_id = var.vpc_id
 tags = {
- Name = "${terraform.workspace}-beanstalk-instances"
+ Name = "${var.env_name}-beanstalk-instances"
 }
 }
diff --git a/settings.tf b/settings.tf
index 7d358f0..436aefc 100644
--- a/settings.tf
+++ b/settings.tf
@@ -208,7 +208,7 @@ locals {
 {
 namespace = "aws:elbv2:loadbalancer"
 name = "AccessLogsS3Bucket"
- value = aws_s3_bucket.aws_logs_bucket.id
+ value = data.aws_s3_bucket.aws_bucket.id
 },
 {
 namespace = "aws:elbv2:loadbalancer"
diff --git a/variables.tf b/variables.tf
index acac2c8..118d599 100644
--- a/variables.tf
+++ b/variables.tf
@@ -55,3 +55,8 @@ variable "instance_type" {
 description = "An AWS instance type to use for the environment. Defaults to t4g.small for production environments and t4g.micro for non-production environments"
 default = null
 }
+
+variable "aws_bucket_id" {
+ type = string
+ description = "Name of the S3 Bucket where AWS artifacts (mainly logs) can be written"
+}
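Review bot: The description of the new `aws_bucket_id` variable does not say what the caller's bucket must already provide, which matters now that the module neither creates nor secures the log bucket: ALB access logging needs a bucket in the same region as the load balancer whose policy lets the ELB service account `s3:PutObject` under `AWSLogs/<account-id>/*`, otherwise the `AccessLogsS3Bucket` setting in settings.tf cannot be applied. Suggested text: `description = "Name of an existing S3 bucket (same region as the environment) that receives AWS artifacts, mainly ALB access logs; its bucket policy must already allow the ELB service account to PutObject under AWSLogs/<account-id>/*"`. The name `aws_bucket_id` also reads as an identifier while both the description and the data source's `bucket` argument take the bucket name; `aws_bucket_name` would be more accurate if a rename is acceptable to callers.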