[tests] Update ELB access log S3 bucket policies to use service principal#2845
Open
tremble wants to merge 4 commits intoansible-collections:mainfrom
Open
[tests] Update ELB access log S3 bucket policies to use service principal#2845tremble wants to merge 4 commits intoansible-collections:mainfrom
tremble wants to merge 4 commits intoansible-collections:mainfrom
Conversation
Replace legacy region-specific AWS account ID approach with the recommended service principal method for both Classic and Application Load Balancers. This simplifies the bucket policies and allows tests to run in any AWS region without maintaining a region-to-account-id mapping. Assisted-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Assisted-by: Claude Sonnet 4.5 <noreply@anthropic.com>
The S3 bucket policy template requires the aws_account variable to properly construct the Resource ARN with the account ID. The elb_application_lb tests already fetch this via aws_caller_info, but elb_classic_lb tests were missing this setup step. Add aws_caller_info call and set_fact to define aws_account before creating S3 buckets in the elb_classic_lb integration tests. Assisted-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Expand the S3 bucket policy template to allow ELB access logs to be written to paths with different prefixes (default and updated), enabling testing of logging prefix updates. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Contributor
|
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 5m 29s |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
SUMMARY
Replace legacy region-specific AWS account ID approach with the
recommended service principal method for both Classic and Application
Load Balancers. This simplifies the bucket policies and allows tests
to run in any AWS region without maintaining a region-to-account-id
mapping.
See also: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html
and #2773
ISSUE TYPE
COMPONENT NAME
elb_application_lb
elb_classic_lb
ADDITIONAL INFORMATION
Assisted-by: Claude Sonnet 4.5 noreply@anthropic.com