Enable access logging for load balancer

Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
gaiksaya · Mar 19, 2024 · eb4b8b4 · eb4b8b4
1 parent 3b5ece4
commit eb4b8b4
Show file tree

Hide file tree

Showing 7 changed files with 11,640 additions and 47 deletions.
diff --git a/.gitignore b/.gitignore
@@ -11,7 +11,7 @@ resources/jenkins.yaml
 # CDK asset staging directory
 .cdk.staging
 cdk.out
-
+cdk.context.json
 # excluding intellij Idea files
 *.iml
 .idea/

diff --git a/bin/ci-stack.ts b/bin/ci-stack.ts
@@ -17,7 +17,7 @@ const defaultEnv: string = 'Dev';
 
 const ciConfigStack = new CIConfigStack(app, `OpenSearch-CI-Config-${defaultEnv}`, {});
 
-const ciStack = new CIStack(app, `OpenSearch-CI-${defaultEnv}`, {});
+const ciStack = new CIStack(app, `OpenSearch-CI-${defaultEnv}`, { env: { account: 'test-account', region: 'us-east-1' } });
 
 const ciCdnStack = new CiCdnStack(app, `OpenSearch-CI-Cdn-${defaultEnv}`, {});
 ciCdnStack.addDependency(ciStack);
diff --git a/lib/ci-stack.ts b/lib/ci-stack.ts
@@ -199,6 +199,7 @@ export class CIStack extends Stack {
       targetInstance: mainJenkinsNode.mainNodeAsg,
       listenerCertificate,
       useSsl,
+      accessLogBucket: auditloggingS3Bucket.bucket,
     });
 
     const artifactBucket = new Bucket(this, 'BuildBucket');

diff --git a/lib/network/ci-external-load-balancer.ts b/lib/network/ci-external-load-balancer.ts
@@ -7,19 +7,20 @@
  */
 
 import { CfnOutput, Stack } from 'aws-cdk-lib';
-import { Instance, SecurityGroup, Vpc } from 'aws-cdk-lib/aws-ec2';
+import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
+import { SecurityGroup, Vpc } from 'aws-cdk-lib/aws-ec2';
 import {
   ApplicationListener, ApplicationLoadBalancer, ApplicationProtocol, ApplicationTargetGroup, ListenerCertificate, Protocol, SslPolicy,
 } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
-import { InstanceTarget } from 'aws-cdk-lib/aws-elasticloadbalancingv2-targets';
-import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
+import { Bucket } from 'aws-cdk-lib/aws-s3';
 
 export interface JenkinsExternalLoadBalancerProps {
   readonly vpc: Vpc;
   readonly sg: SecurityGroup;
   readonly targetInstance: AutoScalingGroup;
   readonly listenerCertificate: ListenerCertificate;
   readonly useSsl: boolean;
+  readonly accessLogBucket: Bucket;
 }
 
 export class JenkinsExternalLoadBalancer {
@@ -64,6 +65,8 @@ export class JenkinsExternalLoadBalancer {
       },
     });
 
+    // this.loadBalancer.logAccessLogs(props.accessLogBucket, 'loadBalancerAcessLogs');
+
     new CfnOutput(stack, 'Jenkins External Load Balancer Dns', {
       value: this.loadBalancer.loadBalancerDnsName,
     });