This is an implementation of a shared S3 bucket for AWS accounts, using the AWS CDK (TypeScript) as the configuration language.
It takes advantage of AWS Config service compliance rules to determine whether a given application load balancer (ALB) is configured with a logging bucket. If not, the noncompliant ALB can be remediated at the click of a button in the AWS Config console, which notifies the ELB Logs Updater Lambda function of the noncompliant ALB for remediation.
AWS Config identifies unprotected application load balancers with the elb-logging-enabled managed rule. When AWS Config detects a violation of the elb-logging-enabled rule and flags the resource (ALB) as noncompliant, the resource can be easily identified in the console and remediated by clicking the "remediate" button. This sends a notification to SNS that contains the resource ARN. A Lambda function subscribed to the SNS topic parses the resource ID and adds the logging bucket configuration to the ELB.
Auto-generated using cdk-dia
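The parsing step of the remediation Lambda described above, as an added example that is not this project's own code: it validates each SNS message as an ALB ARN before building the access-log attributes for the ELBv2 ModifyLoadBalancerAttributes call. Assumptions: the SNS message body is the bare resource ARN, the function and type names are hypothetical, the account allow-list is an extra check not described on this page, and the account IDs, bucket name and prefix are constructed placeholders.

```typescript
// Added example. Message shape, account ID and bucket values are assumptions.
interface SnsEvent { Records: { Sns: { Message: string } }[] }
interface LbAttribute { Key: string; Value: string }
// Same shape as the ELBv2 ModifyLoadBalancerAttributes input.
interface LoggingRequest { LoadBalancerArn: string; Attributes: LbAttribute[] }

// arn:<partition>:elasticloadbalancing:<region>:<account>:loadbalancer/app/<name>/<id>
// "app" only: network (net/) and classic load balancer ARNs do not match.
const ALB_ARN =
  /^arn:(aws|aws-cn|aws-us-gov):elasticloadbalancing:([a-z0-9-]+):(\d{12}):loadbalancer\/app\/([A-Za-z0-9-]{1,32})\/([0-9a-f]+)$/;

function parseAlbArn(message: string): { arn: string; account: string } | null {
  const m = ALB_ARN.exec(message.trim());
  return m ? { arn: m[0], account: m[3] } : null;
}

// Turn each SNS record into a logging update, or reject it without acting.
function buildLoggingRequests(
  event: SnsEvent, allowedAccounts: string[], bucket: string, prefix: string
): { requests: LoggingRequest[]; rejected: string[] } {
  const requests: LoggingRequest[] = [];
  const rejected: string[] = [];
  for (const record of event.Records) {
    const parsed = parseAlbArn(record.Sns.Message);
    if (!parsed || allowedAccounts.indexOf(parsed.account) === -1) {
      rejected.push(record.Sns.Message); // log and alert on these, never remediate
      continue;
    }
    requests.push({
      LoadBalancerArn: parsed.arn,
      Attributes: [
        { Key: "access_logs.s3.enabled", Value: "true" },
        { Key: "access_logs.s3.bucket", Value: bucket },
        { Key: "access_logs.s3.prefix", Value: prefix },
      ],
    });
  }
  return { requests, rejected };
}

// Constructed sample event: one valid ALB, one NLB, one ALB in an unlisted account.
const SAMPLE_EVENT: SnsEvent = { Records: [
  { Sns: { Message: "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web/50dc6c495c0c9188" } },
  { Sns: { Message: "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/net/tcp/1a2b3c4d5e6f7a8b" } },
  { Sns: { Message: "arn:aws:elasticloadbalancing:us-east-1:999988887777:loadbalancer/app/web/50dc6c495c0c9188" } },
] };
```

Each returned request can be passed to the ELBv2 client as it stands; rejected messages are worth surfacing as a metric or alarm, since anything that is not an ALB ARN from a known account should never reach the topic.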