Class: S3Secure::AccessLogs::Enable

Inherits:
Base
Defined in:
lib/s3_secure/access_logs/enable.rb

Instance Method Summary

Methods inherited from CLI::Base

#buckets, #initialize

Methods included from CLI::Say

#say

Methods included from S3Secure::AwsServices

#sts

Methods included from S3Secure::AwsServices::S3

#check_bucket!, #new_s3_regional_client, #region, #region_map, #s3, #s3_client, #s3_regional_client

Constructor Details

This class inherits a constructor from S3Secure::CLI::Base

Instance Method Details

#add_bucket_acl ⇒ Object

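The bucket ACL applies to the target bucket only, that is, the bucket that receives the logs. In the listing below, both S3 calls are made against `@bucket`.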



# File 'lib/s3_secure/access_logs/enable.rb', line 10

# Grants S3 log delivery access through the ACL of @bucket.
#
# Does nothing except print a message when @show reports that the log
# delivery ACL is already in place. Otherwise it makes two S3 calls, in order:
#
# 1. put_bucket_ownership_controls with a single ObjectWriter rule
# 2. put_bucket_acl with the policy built by
#    @show.access_control_policy_with_log_delivery_permissions
#
# NOTE(review): step 1 is unconditional. It replaces whatever Object Ownership
# setting the bucket had, including BucketOwnerEnforced (ACLs disabled), so
# running this can leave a bucket with ACLs switched back on. AWS also
# documents a bucket policy for the logging.s3.amazonaws.com service
# principal as the way to permit log delivery without ACLs -- worth
# evaluating before relying on this path.
#
# Returns nil when skipped, otherwise the return value of say.
def add_bucket_acl
  unless @show.acl_enabled?
    # Ownership controls have to be set before put_bucket_acl is accepted; background:
    # https://aws.amazon.com/blogs/aws/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets/
    # object_ownership accepts BucketOwnerPreferred, ObjectWriter, BucketOwnerEnforced.
    ownership = { rules: [{ object_ownership: "ObjectWriter" }] }
    s3.put_bucket_ownership_controls(bucket: @bucket, ownership_controls: ownership)

    # The policy is read only after the ownership change has been sent.
    policy = @show.access_control_policy_with_log_delivery_permissions
    s3.put_bucket_acl(bucket: @bucket, access_control_policy: policy)

    return say("Added to bucket acl that grants log delivery")
  end

  say "Bucket acl already has log delivery ACL"
  nil
end

#enable_access_logging ⇒ Object



# File 'lib/s3_secure/access_logs/enable.rb', line 34

# Turns on S3 server access logging for @bucket (the source bucket).
#
# Does nothing except print a message when @show reports that logging is
# already enabled. Otherwise it calls put_bucket_logging with the target
# bucket and prefix supplied by @show, then prints a confirmation.
#
# NOTE(review): whether @show.target_bucket can be the same bucket as @bucket
# is not visible here -- confirm. AWS recommends a separate target bucket,
# because logging a bucket into itself also records the log writes.
# S3 delivers server access logs on a best-effort basis, so treat them as
# supporting evidence rather than a complete audit trail.
#
# Returns nil when skipped, otherwise the return value of say.
def enable_access_logging
  unless @show.logging_enabled?
    destination = {
      target_bucket: @show.target_bucket,
      target_prefix: @show.target_prefix,
    }
    s3.put_bucket_logging(
      bucket: @bucket, # source bucket whose requests get logged
      bucket_logging_status: { logging_enabled: destination },
    )

    return say("Enabled access logging on the source bucket #{@bucket} to be delivered to the target bucket #{@show.target_bucket}")
  end

  say "Bucket access logging already enabled"
  nil
end

#run ⇒ Object



# File 'lib/s3_secure/access_logs/enable.rb', line 3

# Entry point: builds the Show helper for @bucket, then applies the two
# changes in a fixed order.
#
# The ACL grant runs before logging is switched on, presumably so that log
# delivery already has write permission when logging starts.
#
# NOTE(review): the two steps are separate API calls with no rollback. If
# enable_access_logging raises, the ACL and ownership change made by
# add_bucket_acl stays in place.
#
# Returns the return value of enable_access_logging.
def run
  inspector = Show.new(bucket: @bucket)
  @show = inspector # both steps below read their state from @show

  add_bucket_acl
  enable_access_logging
end