ELB Logging

This is an implementation of a shared S3 bucket for AWS accounts using the AWS CDK (TypeScript) as the configuration language.

Features

Takes advantage of AWS Config service compliance rules to determine whether a given application load balancer is configured with a logging bucket. If it is not, the noncompliant ALB can be remediated from the AWS Config console at the click of a button, which notifies the ELB Logs Updater Lambda function of the noncompliant ALB for remediation.

AWS Config identifies unprotected application load balancers with the elb-logging-enabled managed rule. When AWS Config detects a violation of the elb-logging-enabled rule and flags the resource (ALB) as noncompliant, the resource can be easily identified in the console and remediated by clicking the "remediate" button. This sends a notification to SNS that contains the resource ARN. A Lambda function subscribed to the SNS topic parses the resource ID and adds the logging bucket configuration to the ELB.
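The parsing and remediation step described above, as an added example that is not this repository's Lambda code: it validates the ARN in each SNS record before building the input for the ELBv2 ModifyLoadBalancerAttributes call. The JSON `resourceId` field, the account allow-list, and the bucket and prefix values are assumptions.

```typescript
// Added example; not the project's Lambda. Message shape and allow-list are assumptions.
interface SnsEvent { Records: { Sns: { Message: string } }[] }
interface Plan { LoadBalancerArn: string; Attributes: { Key: string; Value: string }[] }

// arn:<partition>:elasticloadbalancing:<region>:<account>:loadbalancer/app/<name>/<id>
const ALB_ARN =
  /^arn:(?:aws|aws-cn|aws-us-gov):elasticloadbalancing:[a-z0-9-]+:(\d{12}):loadbalancer\/app\/[A-Za-z0-9-]{1,32}\/[0-9a-f]+$/;

// Returns a validated ALB ARN, or null if the message is not one to act on.
function extractAlbArn(message: string, allowedAccounts: string[]): string | null {
  let candidate = message.trim();
  if (candidate.startsWith("{")) {
    // Assumption: a JSON message carries the ARN in a "resourceId" field.
    try {
      const parsed = JSON.parse(candidate);
      candidate = parsed !== null && typeof parsed.resourceId === "string" ? parsed.resourceId : "";
    } catch {
      return null; // malformed JSON is rejected, never guessed at
    }
  }
  const match = ALB_ARN.exec(candidate);
  if (match === null || !allowedAccounts.includes(match[1] ?? "")) return null;
  return candidate;
}

// Builds one ModifyLoadBalancerAttributes input per valid record; keeps rejects for logging.
function planRemediation(event: SnsEvent, bucket: string, prefix: string, allowedAccounts: string[]) {
  const plans: Plan[] = [];
  const rejected: string[] = [];
  for (const record of event.Records) {
    const arn = extractAlbArn(record.Sns.Message, allowedAccounts);
    if (arn === null) { rejected.push(record.Sns.Message); continue; }
    plans.push({
      LoadBalancerArn: arn,
      Attributes: [
        { Key: "access_logs.s3.enabled", Value: "true" },
        { Key: "access_logs.s3.bucket", Value: bucket },
        { Key: "access_logs.s3.prefix", Value: prefix },
      ],
    });
  }
  return { plans, rejected };
}

// Constructed sample event: one valid ALB, one ALB in an unlisted account, one non-ALB ARN.
const SAMPLE_EVENT: SnsEvent = { Records: [
  { Sns: { Message: "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web/0123456789abcdef" } },
  { Sns: { Message: '{"resourceId":"arn:aws:elasticloadbalancing:us-east-1:999999999999:loadbalancer/app/x/0123456789abcdef"}' } },
  { Sns: { Message: "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/net/nlb/0123456789abcdef" } },
] };
```

Each entry in `plans` can be passed to the ELBv2 client as is; entries in `rejected` are worth logging, since they mean the topic received something other than an expected ALB ARN.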

Diagram

Auto-generated using cdk-dia

ALB Logging