Merge pull request #153 from NHSDigital/feature/CCM-14600_Enable_Access_Logging_For_EventCache_Buckets

jamesthompson26-nhs · web-flow · commit 5532418a8afe · 2026-03-03T09:45:11.000Z
CCM-14600: Enable Access Logging for Event Cache Buckets
diff --git a/infrastructure/terraform/modules/eventpub/README.md b/infrastructure/terraform/modules/eventpub/README.md
@@ -11,6 +11,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_access_logging_bucket"></a> [access\_logging\_bucket](#input\_access\_logging\_bucket) | S3 Access logging bucket name. | `string` | `""` | no |
 | <a name="input_additional_policies_for_event_cache_bucket"></a> [additional\_policies\_for\_event\_cache\_bucket](#input\_additional\_policies\_for\_event\_cache\_bucket) | A list of JSON policies to use to build the bucket policy | `list(string)` | `[]` | no |
 | <a name="input_aws_account_id"></a> [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
 | <a name="input_component"></a> [component](#input\_component) | The name of the terraformscaffold component calling this module | `string` | n/a | yes |
@@ -41,7 +42,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_s3bucket_event_cache"></a> [s3bucket\_event\_cache](#module\_s3bucket\_event\_cache) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.30/terraform-s3bucket.zip | n/a |
+| <a name="module_s3bucket_event_cache"></a> [s3bucket\_event\_cache](#module\_s3bucket\_event\_cache) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.3/terraform-s3bucket.zip | n/a |
 ## Outputs
 
 | Name | Description |
diff --git a/infrastructure/terraform/modules/eventpub/module_s3bucket_event_cache.tf b/infrastructure/terraform/modules/eventpub/module_s3bucket_event_cache.tf
@@ -1,5 +1,5 @@
 module "s3bucket_event_cache" {
-  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.30/terraform-s3bucket.zip"
+  source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.3/terraform-s3bucket.zip"
 
   count = var.enable_event_cache ? 1 : 0
 
@@ -41,6 +41,11 @@ module "s3bucket_event_cache" {
     var.additional_policies_for_event_cache_bucket
   )
 
+  bucket_logging_target = {
+    bucket = "${var.access_logging_bucket}"
+  }
+
+
   public_access = {
     block_public_acls       = true
     block_public_policy     = true
diff --git a/infrastructure/terraform/modules/eventpub/variables.tf b/infrastructure/terraform/modules/eventpub/variables.tf
@@ -153,3 +153,9 @@ variable "event_publishing_anomaly_band_width" {
   description = "The width of the anomaly detection band. Higher values (e.g. 4-6) reduce sensitivity and noise, lower values (e.g. 2-3) increase sensitivity. Recommended: 2-4."
   default     = 5
 }
+
+variable "access_logging_bucket" {
+  type        = string
+  description = "S3 Access logging bucket name."
+  default     = ""
+}
