CCM-14600: Enable Access Logging where Missing

Author: jamesthompson26-nhs

infrastructure/terraform/components/api/module_domain_truststore.tf

@@ -1,5 +1,5 @@
 module "domain_truststore" {
-  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip"
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.4/terraform-s3bucket.zip"
 
   name           = "truststore"
   aws_account_id = var.aws_account_id
@@ -12,11 +12,9 @@ module "domain_truststore" {
   kms_key_arn  = module.kms.key_id
 
   bucket_logging_target = {
-    bucket = module.logging_bucket.bucket
-    prefix = "truststore/"
+    bucket = local.acct.s3_buckets["access_logs"]["id"]
   }
 
   policy_documents = [
   ]
-
 }

infrastructure/terraform/components/api/module_logging_bucket.tf

@@ -1,5 +1,5 @@
 module "eventpub" {
-  source = "git::https://github.com/NHSDigital/nhs-notify-shared-modules.git//infrastructure/terraform/modules/eventpub?ref=feature/CCM-14600_Enable_Access_Logging_For_EventCache_Buckets"
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.4/terraform-eventpub.zip"
 
   name = "eventpub"
 
@@ -28,9 +28,7 @@ module "eventpub" {
   data_plane_bus_arn    = var.eventpub_data_plane_bus_arn
   control_plane_bus_arn = var.eventpub_control_plane_bus_arn
 
-  eventcache_bucket_logging_target = {
-    bucket = local.acct.s3_buckets["access_logs"]["id"]
-  }
+  access_logging_bucket = local.acct.s3_buckets["access_logs"]["id"]
 
   additional_policies_for_event_cache_bucket = [
     data.aws_iam_policy_document.eventcache[0].json

infrastructure/terraform/components/api/modules_eventpub.tf

@@ -27,4 +27,6 @@ module "eventsub" {
   enable_event_cache      = var.enable_event_cache
 
   shared_infra_account_id = var.shared_infra_account_id
+
+  access_logging_bucket = local.acct.s3_buckets["access_logs"]["id"]
 }

infrastructure/terraform/components/api/modules_eventsub.tf

@@ -1,5 +1,5 @@
 module "s3bucket_event_cache" {
-  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.26/terraform-s3bucket.zip"
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.4/terraform-s3bucket.zip"
 
   count = var.enable_event_cache ? 1 : 0
 
@@ -40,6 +40,10 @@ module "s3bucket_event_cache" {
     data.aws_iam_policy_document.s3bucket_event_cache[0].json
   ]
 
+  bucket_logging_target = {
+    bucket = "${var.access_logging_bucket}"
+  }
+
   public_access = {
     block_public_acls       = true
     block_public_policy     = true

infrastructure/terraform/modules/eventsub/module_s3bucket_event_cache.tf

@@ -119,3 +119,9 @@ variable "glue_role_arn" {
   type        = string
   description = "ARN of the Glue execution role from the parent"
 }
+
+variable "access_logging_bucket" {
+  type        = string
+  description = "Name of S3 bucket to use for access logging"
+  default     = ""
+}