Terraform-provider-aws: aws_lb access_logs ignores enabled

Any plans to work on this one? I could assist if needed.

Hi @gmccue

If you want to take over this, we will be glad to review the work :)
Do you feel you could contribute that?

@Ninir Sure! I will give it a go.

@Ninir anything else needed to prepare the PR for review?

Any updates on this? I set enabled to false, but it still looks for the bucket and returns an error when it does not find the bucket.

This seems to be breaking the creation of resources that come after the load balancer

Failure configuring ALB attributes: InvalidConfigurationRequest: Load balancer attribute key 'access_logs.s3.enabled' is not supported on load balancers with type 'network'

I get this error if I set the enabled boolean in the access_logs block to false, or if I remove the enabled boolean completely and only set the "bucket" variable. It seems no matter what terraform is trying to pass that attribute key.
The network load balancer still gets created, but terraform exits and my other resources don't get created.

Also to add, I know I can remove the access_logs block entirely and then terraform won't fail. But I wanted to have the block there since I am creating a module that can be used to create an alb or nlb and control the s3 access logs via the enabled boolean.

when inspecting my network loadbalancer it has the option to enable logs to S3... not sure whats the reason for terraform docs saying its not supported for network lb

How can I enable accese-logs for Network Loadbalancer????

Added access_logs block to an NLB with enabled = true. No error but ignored and disabled on resulting NLB. This is on v0.11.13.

+1

Same things ... no errors, but access logs not enable

TF Context :
Terraform v0.11.13

• provider.aws v1.60.0
• provider.template v2.1.0

TF code part :
resource "aws_lb" "toto" {
name = "${var.project_name}-${var.env}-nlb-toto"
internal = "true"
load_balancer_type = "network"
enable_deletion_protection = "${var.lb_deletion_protection}"

subnets = [
"${lookup(var.vpc_public_subnet_id_a, var.env)}",
"${lookup(var.vpc_public_subnet_id_b, var.env)}",
"${lookup(var.vpc_public_subnet_id_c, var.env)}"
]

access_logs {
bucket = "${var.solocal_s3_bucket_logs}"
enabled = "true"
}

tags {
BillingBusinessApp = "${var.billing_business_app}"
Name = "${var.project_name}-${var.env}-nlb-toto"
env = "${var.env}"
resource-name = "${var.project_name}"
}
}

Hi folks 👋 The aws_lb resource was ignoring NLB access log configuration previously, which has not changed since NLB access log support was added in January. There is a feature request to add support for NLB access logs here: https://github.com/terraform-providers/terraform-provider-aws/issues/8208 Please 👍 that issue and follow there for updates about that functionality.

The good news is that both enabling NLB access log and fixing the original report here for disabling already enabled ALB access logs will likely be solved at the same time, which I'm currently working on. I'll provide an update shortly.

Support for NLB access logs and properly disabling access logs when enabled is set to false has been merged and will release with version 2.8.0 of the Terraform AWS Provider, likely later this week. 👍

This has been released in version 2.8.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!