Provides an S3 bucket (server access) logging resource. For more information, see Logging requests using server access logging in the AWS S3 User Guide.
resource "aws_s3_bucket" "example" {
  bucket = "my-tf-example-bucket"
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.example.id
  acl    = "private"
}

resource "aws_s3_bucket" "log_bucket" {
  bucket = "my-tf-log-bucket"
}

resource "aws_s3_bucket_acl" "log_bucket_acl" {
  bucket = aws_s3_bucket.log_bucket.id
  acl    = "log-delivery-write"
}

resource "aws_s3_bucket_logging" "example" {
  bucket = aws_s3_bucket.example.id

  target_bucket = aws_s3_bucket.log_bucket.id
  target_prefix = "log/"
}
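The expected_bucket_owner and target_object_key_format arguments documented on this page, combined in one configuration. This is an added example, not part of the provider's documentation: the resource and bucket names are constructed, and authorizing log delivery with a bucket policy for the logging.s3.amazonaws.com service principal (instead of the log-delivery-write ACL used above) is an assumption of the example.

```hcl
# Added example; resource names and bucket names are constructed placeholders.
data "aws_caller_identity" "current" {}

resource "aws_s3_bucket" "audited" {
  bucket = "my-tf-audited-bucket"
}

resource "aws_s3_bucket" "audit_logs" {
  bucket = "my-tf-audit-log-bucket"
}

# Assumption: delivery is authorized by bucket policy for the S3 logging
# service principal, scoped to the log prefix and to this account.
data "aws_iam_policy_document" "log_delivery" {
  statement {
    principals {
      type        = "Service"
      identifiers = ["logging.s3.amazonaws.com"]
    }
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.audit_logs.arn}/log/*"]
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_s3_bucket_policy" "log_delivery" {
  bucket = aws_s3_bucket.audit_logs.id
  policy = data.aws_iam_policy_document.log_delivery.json
}

resource "aws_s3_bucket_logging" "audited" {
  bucket                = aws_s3_bucket.audited.id
  expected_bucket_owner = data.aws_caller_identity.current.account_id # reject if the source bucket belongs to another account
  target_bucket         = aws_s3_bucket.audit_logs.id
  target_prefix         = "log/"

  target_object_key_format {
    partitioned_prefix {
      partition_date_source = "EventTime" # key log objects by when the request occurred
    }
  }

  depends_on = [aws_s3_bucket_policy.log_delivery]
}
```

With partition_date_source set to EventTime, log objects are keyed by the date the logged requests occurred, which keeps a time-bounded investigation to a narrow set of prefixes.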
This resource supports the following arguments:

bucket - (Required, Forces new resource) Name of the bucket.
expected_bucket_owner - (Optional, Forces new resource) Account ID of the expected bucket owner.
target_bucket - (Required) Name of the bucket where you want Amazon S3 to store server access logs.
target_prefix - (Required) Prefix for all log object keys.
target_grant - (Optional) Set of configuration blocks with information for granting permissions. See below.
target_object_key_format - (Optional) Amazon S3 key format for log objects. See below.

The target_grant configuration block supports the following arguments:

grantee - (Required) Configuration block for the person being granted permissions. See below.
permission - (Required) Logging permissions assigned to the grantee for the bucket. Valid values: FULL_CONTROL, READ, WRITE.

The grantee configuration block supports the following arguments:

email_address - (Optional) Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.
id - (Optional) Canonical user ID of the grantee.
type - (Required) Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.
uri - (Optional) URI of the grantee group.

The target_object_key_format configuration block supports the following arguments:

partitioned_prefix - (Optional) Partitioned S3 key for log objects. See below.
simple_prefix - (Optional) Use the simple format for S3 keys for log objects. To use, set simple_prefix {}.

The partitioned_prefix configuration block supports the following arguments:

partition_date_source - (Required) Specifies the partition date source for the partitioned prefix. Valid values: EventTime, DeliveryTime.

This resource exports the following attributes in addition to the arguments above:

id - The bucket or bucket and expected_bucket_owner separated by a comma (,) if the latter is provided.

In Terraform v1.5.0 and later, use an import block to import S3 bucket logging using the bucket or using the bucket and expected_bucket_owner separated by a comma (,). For example:

If the owner (account ID) of the source bucket is the same account used to configure the Terraform AWS Provider, import using the bucket:

import {
  to = aws_s3_bucket_logging.example
  id = "bucket-name"
}

If the owner (account ID) of the source bucket differs from the account used to configure the Terraform AWS Provider, import using the bucket and expected_bucket_owner separated by a comma (,):

import {
  to = aws_s3_bucket_logging.example
  id = "bucket-name,123456789012"
}

Use terraform import to import S3 bucket logging using the bucket or using the bucket and expected_bucket_owner separated by a comma (,). For example:

If the owner (account ID) of the source bucket is the same account used to configure the Terraform AWS Provider, import using the bucket:

% terraform import aws_s3_bucket_logging.example bucket-name

If the owner (account ID) of the source bucket differs from the account used to configure the Terraform AWS Provider, import using the bucket and expected_bucket_owner separated by a comma (,):

% terraform import aws_s3_bucket_logging.example bucket-name,123456789012