From ed8f892c7fe6ab94c2ad3d6892c30cf6259b6c0a Mon Sep 17 00:00:00 2001
From: j4y <36337+j4y@users.noreply.github.com>
Date: Fri, 26 Dec 2025 09:52:52 -0500
Subject: [PATCH 1/2] feat: enable S3 and CloudFront access logging

- add dedicated log bucket for storing access logs
- configure CloudFront distribution logging to write to log bucket
---
 terraform/website/main.tf | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/terraform/website/main.tf b/terraform/website/main.tf
index 0a21402..46b3356 100644
--- a/terraform/website/main.tf
+++ b/terraform/website/main.tf
@@ -2,6 +2,17 @@ resource "aws_s3_bucket" "bucket" {
 bucket = var.domain
 }
+resource "aws_s3_bucket_logging" "bucket_logging" {
+ bucket = aws_s3_bucket.bucket.id
+
+ target_bucket = aws_s3_bucket.logs.id
+ target_prefix = "s3-access-logs/"
+}
+
+resource "aws_s3_bucket" "logs" {
+ bucket = "${var.domain}-logs"
+}
+
 resource "aws_s3_bucket_ownership_controls" "bucket" {
 bucket = aws_s3_bucket.bucket.id
 rule {
@@ -70,6 +81,13 @@ resource "aws_cloudfront_distribution" "distribution" {
 is_ipv6_enabled = true
 price_class = "PriceClass_100"
+ logging_config {
+ include_cookies = false
+ bucket = "${aws_s3_bucket.logs.bucket_regional_domain_name}"
+ prefix = "cloudfront/"
+ }
+
+
 origin {
 domain_name = aws_s3_bucket_website_configuration.bucket.website_endpoint
 origin_id = aws_s3_bucket.bucket.bucket_regional_domain_name

From af835359a90ac3fb7bd52b676987eab65e9bde61 Mon Sep 17 00:00:00 2001
From: j4y <36337+j4y@users.noreply.github.com>
Date: Fri, 26 Dec 2025 09:58:03 -0500
Subject: [PATCH 2/2] fix(tflint): replace deprecated `module` attribute with `call_module_type`

TFLint v0.54.0 removed the `module` attribute. Updated config to use `call_module_type = "all"` to restore module analysis compatibility.
---
 .tflint.hcl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.tflint.hcl b/.tflint.hcl
index 12ca630..aadcfc7 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
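Review bot: The new `aws_s3_bucket.logs` in terraform/website/main.tf (first hunk) is created with nothing that lets either log producer write to it, and no other part of this patch adds that. CloudFront standard logging delivers through a bucket ACL and is rejected for a bucket left at the default `BucketOwnerEnforced` ownership, while S3 server access logging needs the target bucket to allow `s3:PutObject` for the `logging.s3.amazonaws.com` service principal under `s3-access-logs/`. Access logs carry client IPs and request paths, so the bucket should also declare its public-access block explicitly and get a lifecycle expiration rule instead of growing without bound. The ownership and public-access resources are sketched below; the bucket policy for the logging principal and the retention period are left to the author.

```hcl
# … unchanged: resource "aws_s3_bucket" "logs" …

# CloudFront standard logging writes via a bucket ACL, so ACLs must stay enabled here.
resource "aws_s3_bucket_ownership_controls" "logs" {
  bucket = aws_s3_bucket.logs.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# Keep the log bucket private under Terraform's control rather than relying on defaults.
resource "aws_s3_bucket_public_access_block" "logs" {
  bucket = aws_s3_bucket.logs.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```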
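Review bot: In the `logging_config` block of the second main.tf hunk, `bucket = "${aws_s3_bucket.logs.bucket_regional_domain_name}"` wraps a single reference in an interpolation-only string, the form that TFLint's `terraform_deprecated_interpolation` rule reports. The provider documentation gives this argument as the bucket's global domain name (of the form `<name>.s3.amazonaws.com`), so `bucket = aws_s3_bucket.logs.bucket_domain_name` is the closer match; the regional form may be accepted but is worth confirming with a clean plan after apply. The block is also followed by two added blank lines before `origin {`, where one is enough. The `aws_cloudfront_distribution` resource starts and ends outside the hunk.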
@@ -2,9 +2,9 @@ config {
 disabled_by_default = false
 format = "compact"
 force = false
- module = true
+ call_module_type = "all"
 }
-
+
 plugin "aws" {
 enabled = true
 source = "github.com/terraform-linters/tflint-ruleset-aws"