Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CloudFrontToS3: Logging buckets shouldn't be created when set to false #1157

Open
lukepritchard-homstar opened this issue Jul 25, 2024 · 1 comment
Open

CloudFrontToS3: Logging buckets shouldn't be created when set to false #1157

lukepritchard-homstar opened this issue Jul 25, 2024 · 1 comment
Labels
bug Something isn't working needs-triage The issue or PR still needs to be triaged

Comments

@lukepritchard-homstar
Copy link

CloudFrontToS3 allows you to provide two boolean parameters to disable S3 logging, and CloudFront logging:

  • logS3AccessLogs: boolean (default true)
  • logCloudFrontAccessLog: boolean (default true)

When these are set to false, I expect there to be no created S3 buckets for logging purposes. However, this is not the case.

Reproduction Steps

Create the construct with logS3AccessLogs to false, and logCloudFrontAccessLog to false:

import { CloudFrontToS3 } from '@aws-solutions-constructs/aws-cloudfront-s3';

const CloudFronToS3 = new CloudFrontToS3(this, 'CloudFrontToS3', {
      existingBucketObj: siteBucket,
      logS3AccessLogs: false,
      logCloudFrontAccessLog: false,
      cloudFrontDistributionProps: {
         ...
      }
}

Deploying this will result in two logging buckets being created:

image

I expect these two buckets to not have been created in the first place.

Error Log

There is no error log as this is a bug

Environment

  • CDK CLI Version : 2.150.0
  • AWS Solutions Constructs Version : 2.63.0
  • OS : MacOS Sonoma 14.4.1
  • Language : Typescript

This is 🐛 Bug Report
@lukepritchard-homstar lukepritchard-homstar added bug Something isn't working needs-triage The issue or PR still needs to be triaged labels Jul 25, 2024
@biffgaut
Copy link
Contributor

biffgaut commented Aug 7, 2024

The construct can create up to 4 buckets:

  1. The content bucket
  2. A bucket containing access logs for the content bucket
  3. A bucket with logs for CloudFront traffic
  4. A bucket containing access logs for the bucket with CloudFront traffic logs

Setting the two flags you provide to false:

      logS3AccessLogs: false,
      logCloudFrontAccessLog: false,

Should prevent the creation of buckets #2 and 4. Since you provide an existing bucket, setting logS3AccessLogs to false is kind of a NOP. To turn off logging CloudFront access, use the enableLogging flag in cloudFrontDistributionProps:

const CloudFronToS3 = new CloudFrontToS3(this, 'CloudFrontToS3', {
      existingBucketObj: siteBucket,
      logS3AccessLogs: false,
      logCloudFrontAccessLog: false,
      cloudFrontDistributionProps: {
         enableLogging: false
      }
}

This will prevent creation of bucket #3. The construct will also then cease creating bucket #4.

That should satisfy your use case of no logging. This does appear to identify a bug though - if CloudFront logging is enabled (the default) and logCloudFrontAccessLog is false then only bucket #3 should be created and we also see bucket #4 created when running your code. We will look into that- thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working needs-triage The issue or PR still needs to be triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@biffgaut @lukepritchard-homstar