CloudFront Distribution should be able to set logging to disabled without removing config #11986

Open
zmeggyesi opened this issue Feb 11, 2020 · 4 comments · May be fixed by #11987
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/cloudfront Issues and PRs that pertain to the cloudfront service.

Comments

@zmeggyesi

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I have a use-case where I'm managing a number of CloudFront distributions via Terraform and some of them should log requests, while others should not.
Since my configuration is implemented with modules to denote the various distributions, it is not possible to set/omit the logging_config block on a module-by-module basis, but it should be possible to set the configuration's enabled field to false.

New or Affected Resource(s)

  • aws_cloudfront_distribution

Potential Terraform Configuration

resource "aws_cloudfront_distribution" "traffic_split" {
  // ----- BEGIN PROBLEMATIC PART -----
  logging_config {
    include_cookies = true
    bucket          = var.log_bucket
    prefix          = "${var.live_domain_prefix}.${var.live_domain_root}"
  }
  // ----- END PROBLEMATIC PART -----

  origin {
    # GCP app server
    domain_name = var.app_server_domain
    origin_id = var.app_server_origin_id

    custom_origin_config {
      http_port = 80
      https_port = 443
      origin_protocol_policy = "https-only"
      origin_ssl_protocols = [
        "TLSv1.1",
        "TLSv1.2"
      ]
    }

  }
  origin {
    # CDN
    domain_name = var.cdn_domain
    origin_id = var.cdn_origin_id

    custom_origin_config {
      http_port = 80
      https_port = 443
      origin_protocol_policy = "https-only"
      origin_ssl_protocols = [
        "TLSv1.1",
        "TLSv1.2"
      ]
    }

  }

  enabled = true
  is_ipv6_enabled = true
  comment = "${var.live_domain_prefix}.${var.live_domain_root}"

  aliases = [
    "${var.live_domain_prefix}.${var.live_domain_root}",
  ]

  default_cache_behavior {
    allowed_methods = [
      "DELETE",
      "GET",
      "HEAD",
      "OPTIONS",
      "PATCH",
      "POST",
      "PUT",
    ]
    cached_methods = [
      "GET",
      "HEAD",
    ]
    target_origin_id = var.app_server_origin_id

    forwarded_values {
      query_string = true

      cookies {
        forward = "all"
      }

      headers = var.gcp_forwarded_headers
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl = 0
    default_ttl            = 86400
    max_ttl                = 31536000
  }

  dynamic "ordered_cache_behavior" {
    for_each = local.cdn_paths
    iterator = path-pattern
    content {
      path_pattern = path-pattern.value
      allowed_methods = [
        "DELETE",
        "GET",
        "HEAD",
        "OPTIONS",
        "PATCH",
        "POST",
        "PUT",
      ]
      cached_methods = [
        "GET",
        "HEAD",
        "OPTIONS",
      ]
      target_origin_id = var.cdn_origin_id

      forwarded_values {
        query_string = true
        headers = var.cdn_forwarded_headers
        cookies {
          forward = "all"
        }
      }

      min_ttl = 0
      default_ttl = 300
      max_ttl = 86400
      compress = true
      viewer_protocol_policy = "redirect-to-https"
    }
  }

  price_class = "PriceClass_All"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    acm_certificate_arn = "%{ if var.acm_cert_arn == "" }${aws_acm_certificate_validation.dynamic_cert_validation[0].certificate_arn}%{ else }${var.acm_cert_arn}%{ endif }"
    minimum_protocol_version = "TLSv1.1_2016"
    ssl_support_method = "sni-only"
  }
}

References

  • #0000
@zmeggyesi zmeggyesi added the enhancement Requests to existing resources that expand the functionality or scope. label Feb 11, 2020
@ghost ghost added the service/cloudfront Issues and PRs that pertain to the cloudfront service. label Feb 11, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Feb 11, 2020
zmeggyesi added a commit to zmeggyesi/terraform-provider-aws that referenced this issue Feb 11, 2020
zmeggyesi added a commit to zmeggyesi/terraform-provider-aws that referenced this issue Feb 11, 2020
zmeggyesi added a commit to zmeggyesi/terraform-provider-aws that referenced this issue Feb 11, 2020
@mjgpy3
Contributor

mjgpy3 commented Feb 12, 2020

@zmeggyesi if you're using Terraform 0.12 you can omit config blocks by using dynamic.

For example, I've done this before by doing something like the following (this is in a CodeBuild project):

  dynamic "artifacts" {
    for_each = local.artifacts_given ? [] : [1]

    content {
      type = "NO_ARTIFACTS"
    }
  }

@zmeggyesi
Author

The thought has occurred to me, but the AWS provider simply threw an error on that, stating that count was not expected.

In any case, I quickly added support for the enabled property of the CloudFront Logging Config - hope it gets approved soon.
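
The dynamic-block pattern discussed in this exchange, applied to logging_config on aws_cloudfront_distribution so that a module can switch access logging per distribution. This is an added example, not code from the thread or from the provider; the names enable_logging, origin_domain, the "app" origin id and the "cloudfront/" prefix are assumptions, and Terraform 0.12 or later is assumed. Logging defaults to on, so turning it off for a distribution is an explicit choice visible in review.

```hcl
# Added example: variable names and literal values are assumptions.
variable "enable_logging" {
  type    = bool
  default = true
}

variable "log_bucket" { type = string } # bucket domain name of the log bucket
variable "origin_domain" { type = string }

resource "aws_cloudfront_distribution" "example" {
  enabled = true

  # Emits exactly one logging_config block when enable_logging is true
  # and none when it is false, so each module instance can opt in or out.
  dynamic "logging_config" {
    for_each = var.enable_logging ? [1] : []
    content {
      include_cookies = true
      bucket          = var.log_bucket
      prefix          = "cloudfront/"
    }
  }

  origin {
    domain_name = var.origin_domain
    origin_id   = "app"
    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "https-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  default_cache_behavior {
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = "app"
    viewer_protocol_policy = "redirect-to-https"
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }

  restrictions {
    geo_restriction { restriction_type = "none" }
  }
  viewer_certificate { cloudfront_default_certificate = true }
}
```

Running `terraform plan` with enable_logging set to false shows whether the logging_config block is being removed from a distribution that previously had it.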

@breathingdust breathingdust removed the needs-triage Waiting for first response or review from a maintainer. label Sep 22, 2021

github-actions bot commented Oct 6, 2024

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

@github-actions github-actions bot added the stale Old or inactive issues managed by automation, if no further action taken these will get closed. label Oct 6, 2024
@zmeggyesi
Author

Requires action, still awaiting approval

@github-actions github-actions bot removed the stale Old or inactive issues managed by automation, if no further action taken these will get closed. label Oct 7, 2024