Enable access logs for an AWS ALB using terraform

2 min read | by Jordi Prats

To collect access logs, it can be more convenient to enable them at the load balancer level rather than aggregating logs from all the backend services. If we are using an AWS ALB, we can configure it to push its logs to an S3 bucket.

To do so with terraform we just need to define the access_logs block as follows:

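resource "aws_alb" "demo_alb" {
  # Load balancer names may only contain alphanumeric characters and hyphens
  name            = "demo-alb"
  security_groups = [var.sg_id]
  subnets         = var.private_subnets

  # Push the ALB access logs to s3://logsbucket/alb/
  access_logs {
    bucket  = "logsbucket"
    prefix  = "alb"
    enabled = true
  }
}
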
Its options are quite self-explanatory:

  • bucket: The S3 bucket we want to write the logs to
  • prefix: The path on the bucket where we want to write them (so we can share a bucket between multiple ALBs without collisions)
  • enabled: Whether we want logs to be enabled. By default logs are disabled, even when a bucket is specified, so we need to explicitly enable them by setting it to true
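The ALB can only deliver logs if the bucket policy allows the Elastic Load Balancing service to write under the chosen prefix. The following is an added example, not part of the original post: it reuses the "logsbucket" name and "alb" prefix from above, while the resource labels and the public access block and encryption settings are assumptions about how the bucket is managed.

```hcl
# Added example. Bucket name and prefix come from the post; labels are illustrative.
data "aws_caller_identity" "current" {}

# Regional ELB account that delivers the logs. Some newer Regions use the
# logdelivery.elasticloadbalancing.amazonaws.com service principal instead.
data "aws_elb_service_account" "this" {}

resource "aws_s3_bucket" "alb_logs" {
  bucket = "logsbucket"
}

# Access logs contain client IPs and request paths: keep the bucket private.
resource "aws_s3_bucket_public_access_block" "alb_logs" {
  bucket                  = aws_s3_bucket.alb_logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# ALB log delivery supports SSE-S3 (AES256) only, not SSE-KMS.
resource "aws_s3_bucket_server_side_encryption_configuration" "alb_logs" {
  bucket = aws_s3_bucket.alb_logs.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Allow writes only below <prefix>/AWSLogs/<account-id>/, nothing else.
data "aws_iam_policy_document" "alb_logs" {
  statement {
    sid       = "AllowALBLogDelivery"
    effect    = "Allow"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.alb_logs.arn}/alb/AWSLogs/${data.aws_caller_identity.current.account_id}/*"]
    principals {
      type        = "AWS"
      identifiers = [data.aws_elb_service_account.this.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "alb_logs" {
  bucket = aws_s3_bucket.alb_logs.id
  policy = data.aws_iam_policy_document.alb_logs.json
}
```

If the policy is missing or the resource path does not match the prefix, applying the access_logs block fails with an access denied error for the bucket.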

Posted on 29/04/2022