# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

# Bucket that receives the connection gateway load balancer's access logs.
# The name is generated from the project/environment prefix.
# NOTE(review): force_destroy = true lets `terraform destroy` delete the bucket
# together with every object and object version in it, so the access logs do
# not survive a teardown. Where these logs serve as audit or incident-response
# evidence, set this to false or copy the logs to a separate retention location.
resource "aws_s3_bucket" "connection_gateway_lb_logs_bucket" {
  bucket_prefix = "${var.project}-${var.environment}-dcv-gw-lb-logs"
  force_destroy = true
}

# Define versioning so we can keep track of different logs files
# With versioning enabled, an overwritten or deleted log object is kept as a
# noncurrent version instead of being lost.
# NOTE(review): no lifecycle configuration is visible in this part of the file;
# without one, noncurrent versions are kept indefinitely.
resource "aws_s3_bucket_versioning" "connection_gateway_lb_logs_bucket_versioning" {
  bucket = aws_s3_bucket.connection_gateway_lb_logs_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Define encryption
# Default encryption is SSE-KMS with the key passed in as var.kms_key_arn;
# the S3 Bucket Key is enabled to reduce the number of KMS requests.
# NOTE(review): the load balancer type is not visible here. Application Load
# Balancer access-log delivery supports only SSE-S3 on the destination bucket;
# Network Load Balancer delivery works with a customer managed KMS key only if
# the key policy allows the log delivery service to use it. Confirm the type
# and the key policy, otherwise log delivery can fail.
resource "aws_s3_bucket_server_side_encryption_configuration" "connection_gateway_lb_logs_bucket_encryption_configuration" {
  bucket = aws_s3_bucket.connection_gateway_lb_logs_bucket.bucket
  rule {
    bucket_key_enabled = true
    apply_server_side_encryption_by_default {
      kms_master_key_id = var.kms_key_arn
      sse_algorithm     = "aws:kms"
    }
  }
}

# Public access block
# All four settings are on: public ACLs are rejected and ignored, and bucket
# policies that grant public access are rejected and restricted. The bucket
# policy below therefore has to grant write access to a specific principal.
resource "aws_s3_bucket_public_access_block" "connection_gateway_lb_logs_bucket_public_access_block" {
  bucket                  = aws_s3_bucket.connection_gateway_lb_logs_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  restrict_public_buckets = true
  ignore_public_acls      = true
}

# Define bucket policy to allow Load Balancer to write access logs
# NOTE(review): the policy document is cut off in this view. Confirm that it
# limits the principal to the load balancer log delivery principal and the
# resource to the expected log prefix in this bucket.
resource "aws_s3_bucket_policy" "allow_write_access_to_load_balancer" {
  bucket = aws_s3_bucket.connection_gateway_lb_logs_bucket.id
  policy = <