amazon-web-services kubernetes annotations amazon-eks nlb

How to update AWS NLB setting to store logs in S3 bucket by k8s annotations


I want to configure an AWS NLB to store logs in an S3 bucket. I have:

I've added these annotations to my terraform code to nginx ingress:

set {
  name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/aws-load-balancer-access-log-enabled"
  value = "true"
}
set {
  name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/aws-load-balancer-access-log-s3-bucket-name"
  value = "nlb-logs-bucket"
}
set {
  name  = "controller.service.annotations.service\\.beta\\.kubernetes\\.io/aws-load-balancer-access-log-s3-bucket-prefix"
  value = "/nlblogs"
}

I see that the annotations are added to the controller, but in the AWS console the NLB settings didn't change (logs aren't being saved to the bucket).


Solution

  • I've found a solution. I hope it will help somebody.

    As I understand it, the annotations mentioned above are only for ELB, and they don't work for NLB. I tried updating EKS to 1.16 and 1.17. It works for ELB, but not for NLB.

    So the solution is to use a local-exec provisioner in Terraform for k8s. At least it works for me.

    Here is the code:

    resource "null_resource" "enable_s3_bucket_logging_on_nlb" {
      triggers = { <TRIGGERS> }
      provisioner "local-exec" {
        command = <<EOS
    for i in $(aws elbv2 describe-load-balancers --region=<REGION> --names=$(echo ${data.kubernetes_service.nginx_ingress.load_balancer_ingress.0.hostname} |cut -d- -f1) | \
    jq ".[][] | { LoadBalancerArn: .LoadBalancerArn }" |awk '{print $2}' |tr -d '"'); do \
    aws elbv2 modify-load-balancer-attributes --region=<REGION> --load-balancer-arn $i --attributes Key=access_logs.s3.enabled,Value=true \
    Key=access_logs.s3.bucket,Value=nlb-logs-bucket Key=access_logs.s3.prefix,Value=nlblogs;\
    done; \
    EOS
      }
    }
    

    where: