Merge pull request #22 from Virtual-Finland-Development/feature/save-standard-logs-to-s3

Feature/save standard logs to s3

Author: lassipatanen

infra/index.ts

@@ -5,19 +5,22 @@ import {
     createOriginAccessIdentity,
 } from './resources/CloudFront';
 import createLambdaAtEdgeFunction from './resources/LambdaAtEdge';
-import createS3Bucket, { createS3BucketPermissions, uploadAssetsToBucket } from './resources/S3Bucket';
-import { getSetup } from './utils/Setup';
+import createS3Bucket, {createS3BucketPermissions, uploadAssetsToBucket} from './resources/S3Bucket';
+import {getSetup} from './utils/Setup';
+import {createStandardLogsBucket} from "./resources/standardLogsBucket";
 
 const setup = getSetup();
 const originAccessIdentity = createOriginAccessIdentity(setup);
 const s3bucketSetup = createS3Bucket(setup);
 const edgeLambdaPackage = createLambdaAtEdgeFunction(setup, s3bucketSetup);
 createS3BucketPermissions(setup, s3bucketSetup.bucket, originAccessIdentity, edgeLambdaPackage.lambdaAtEdgeRole);
+const standardLogsBucket = createStandardLogsBucket(setup);
 const cloudFrontDistribution = createCloudFrontDistribution(
     setup,
     s3bucketSetup.bucket,
     originAccessIdentity,
-    edgeLambdaPackage.lambdaAtEdgeFunction
+    edgeLambdaPackage.lambdaAtEdgeFunction,
+    standardLogsBucket
 );
 uploadAssetsToBucket(s3bucketSetup.bucket);
 createCacheInvalidation(setup, cloudFrontDistribution);
@@ -26,3 +29,7 @@ export const url = pulumi.interpolate`https://${cloudFrontDistribution.domainNam
 export const bucketName = s3bucketSetup.bucket.bucket;
 export const lambdaId = pulumi.interpolate`${edgeLambdaPackage.lambdaAtEdgeFunction.name}:${edgeLambdaPackage.lambdaAtEdgeFunction.version}`
 export const cloudFrontDistributionId = cloudFrontDistribution.id;
+export const standardLogsBucketDetails = {
+    arn: standardLogsBucket.arn,
+    id: standardLogsBucket.id
+}

infra/resources/CloudFront.ts

@@ -14,7 +14,8 @@ export function createCloudFrontDistribution(
     setup: ISetup,
     bucket: aws.s3.Bucket,
     originAccessIdentity: aws.cloudfront.OriginAccessIdentity,
-    lambdaAtEdgeFunction: aws.lambda.Function
+    lambdaAtEdgeFunction: aws.lambda.Function,
+    standardLogsBucket: aws.s3.Bucket
 ) {
     const cloudFrontDistributionConfig = setup.getResourceConfig('CloudFrontDistribution');
 
@@ -69,6 +70,11 @@ export function createCloudFrontDistribution(
         enabled: true,
         retainOnDelete: false,
         tags: cloudFrontDistributionConfig.tags,
+        loggingConfig: {
+            bucket: standardLogsBucket.bucketDomainName,
+            prefix: 'std-cf-logs',
+            includeCookies: false,
+        }
     });
 
     // Extended monitoring

infra/resources/standardLogsBucket.ts

@@ -0,0 +1,33 @@
+import * as aws from "@pulumi/aws";
+import {Bucket} from "@pulumi/aws/s3";
+import {ISetup} from "../utils/Setup";
+
+export function createStandardLogsBucket(setup: ISetup): Bucket {
+    const awsEuNorth1 = new aws.Provider("aws-eu-north-1", {region: "eu-north-1"});
+    const bucket = new aws.s3.Bucket(`${setup.projectName}-standard-logs-${setup.stage}`, {
+        lifecycleRules: [
+            {
+                enabled: true,
+                expiration: {
+                    days: 2
+                },
+                id: `standard-logs-expiration-rule-${setup.stage}`
+            }
+        ],
+        acl: 'private',
+        tags: setup.getResourceConfig('standard-logs-bucket').tags
+    }, {
+        provider: awsEuNorth1
+    });
+
+    const bucketOwnershipControls = new aws.s3.BucketOwnershipControls('controls', {
+        bucket: bucket.id,
+        rule: {
+            objectOwnership: "BucketOwnerPreferred"
+        }
+    }, {
+        provider: awsEuNorth1
+    });
+
+    return bucket;
+}