From 8c3b0838004b5882dc3d4b4410d10118da3e6fa5 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Wed, 9 Feb 2022 19:13:11 +0530 Subject: [PATCH 1/4] Adding variables to ELB module --- aws/elb/elb.tf | 8 ++++---- aws/elb/locals.tf | 2 +- aws/elb/variables.tf | 14 ++++++++++++++ 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/aws/elb/elb.tf b/aws/elb/elb.tf index 07faacc..b2b339d 100644 --- a/aws/elb/elb.tf +++ b/aws/elb/elb.tf @@ -137,14 +137,14 @@ resource "aws_sns_topic_subscription" "subscription" { resource "aws_serverlessapplicationrepository_cloudformation_stack" "auto_enable_access_logs" { for_each = toset(local.auto_enable_access_logs ? ["auto_enable_access_logs"] : []) - name = "Auto-Enable-Access-Logs-Elb-${random_string.aws_random.id}" + name = "Auto-Enable-Access-Logs-${var.auto_enable_access_logs_options.auto_enable_logging}-${random_string.aws_random.id}" application_id = "arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable" - semantic_version = "1.0.2" + semantic_version = var.app_semantic_version capabilities = data.aws_serverlessapplicationrepository_application.app.required_capabilities parameters = { BucketName = local.bucket_name - BucketPrefix = "elasticloadbalancing" - AutoEnableLogging = "ALB" + BucketPrefix = var.auto_enable_access_logs_options.bucket_prefix + AutoEnableLogging = var.auto_enable_access_logs_options.auto_enable_logging AutoEnableResourceOptions = var.auto_enable_access_logs FilterExpression = var.auto_enable_access_logs_options.filter RemoveOnDeleteStack = var.auto_enable_access_logs_options.remove_on_delete_stack diff --git a/aws/elb/locals.tf b/aws/elb/locals.tf index 84b6391..3dcb21e 100644 --- a/aws/elb/locals.tf +++ b/aws/elb/locals.tf 
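Review bot: `semantic_version = var.app_semantic_version` decouples the version that is deployed from `data.aws_serverlessapplicationrepository_application.app`, whose `required_capabilities` are still read on the very next line; that data source is not touched by this patch, so if it keeps its own pinned version the stack is granted the capabilities of one application version while deploying another, which either fails at deploy time or grants IAM/resource-policy capabilities that were reviewed against a different template. Drive both from one place: point the data source at `var.app_semantic_version` and set `semantic_version = data.aws_serverlessapplicationrepository_application.app.semantic_version` here. The `name` also now interpolates `auto_enable_logging`, whose default elsewhere in this patch is the empty string, so under defaults the stack would be named `Auto-Enable-Access-Logs--<id>` unless variable validation rejects the plan first.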
@@ -14,7 +14,7 @@ locals { auto_enable_access_logs = var.auto_enable_access_logs != "None" ? true : false # If we create the bucket, then get the default PATH expression. - logs_path_expression = var.source_details.bucket_details.create_bucket ? "*AWSLogs/${local.aws_account_id}/elasticloadbalancing/${local.aws_region}/*" : var.source_details.bucket_details.path_expression +logs_path_expression = var.source_details.bucket_details.create_bucket ? "*${var.auto_enable_access_logs_options.bucket_prefix}/AWSLogs/${local.aws_account_id}/elasticloadbalancing/${local.aws_region}/*" : var.source_details.bucket_details.path_expression region_to_elb_account_id = { "us-east-1" = "127311923021", diff --git a/aws/elb/variables.tf b/aws/elb/variables.tf index 34d9c9a..add5f7e 100644 --- a/aws/elb/variables.tf +++ b/aws/elb/variables.tf @@ -108,8 +108,16 @@ variable "auto_enable_access_logs" { default = "Both" } +variable "app_semantic_version" { + type = string + description = "Provide the latest version of Serverless Application Repository 'sumologic-s3-logging-auto-enable'." + default = "1.0.4" +} + variable "auto_enable_access_logs_options" { type = object({ + bucket_prefix = string + auto_enable_logging = string filter = string remove_on_delete_stack = bool }) @@ -120,9 +128,15 @@ variable "auto_enable_access_logs_options" { EOT default = { + bucket_prefix = "" + auto_enable_logging = "" filter = "" remove_on_delete_stack = true } + validation { + condition = contains(["ALB", "ELB"], var.auto_enable_access_logs_options.auto_enable_logging) + error_message = "The value must be one of ALB or ELB." + } } variable "wait_for_seconds" { From 0f1b596cbfd95e173f1c20a1f061a1015f367617 Mon Sep 17 00:00:00 2001 
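Review bot: The new `logs_path_expression` puts a `/` between `*` and `AWSLogs`, so with the default `bucket_prefix = ""` it becomes `*/AWSLogs/<account>/elasticloadbalancing/<region>/*`; ELB writes to `AWSLogs/...` at the bucket root when no prefix is configured, and unless the Sumo Logic wildcard matches an empty segment together with the slash (not verifiable from this diff), nothing is collected under the module defaults. Make the separator conditional on the prefix, e.g. `"*${var.auto_enable_access_logs_options.bucket_prefix == "" ? "" : "${var.auto_enable_access_logs_options.bucket_prefix}/"}AWSLogs/${local.aws_account_id}/elasticloadbalancing/${local.aws_region}/*"`, which reduces to the previous `*AWSLogs/...` when the prefix is empty. The added line is also at column 0 inside the `locals` block; indent it to match its siblings.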
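Review bot: Adding `bucket_prefix` and `auto_enable_logging` as plain attributes of the `auto_enable_access_logs_options` object type makes them mandatory for every caller that already passes this variable (object types have no optional attributes at the `>= 0.13.0` floor the module declares), so a root module that sets only `filter` and `remove_on_delete_stack` stops planning with an "attribute is required" error. Either note the breaking change and bump the module's major version, or keep the old object shape and expose the two new settings as separate variables with defaults. The description of `app_semantic_version` says "Provide the latest version" while the default pins `1.0.4`; say which version(s) the module has been tested with instead of "latest", since the SAM app's parameters and capabilities are what this module depends on.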
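Review bot: The new `validation` block rejects the new default: `auto_enable_logging` defaults to `""` but the condition accepts only `ALB` or `ELB`, so any plan that does not override `auto_enable_access_logs_options` fails with "The value must be one of ALB or ELB." — and it fails even when `auto_enable_access_logs = "None"` and the SAM stack is never created. Either default `auto_enable_logging` to `"ALB"` (the literal this patch replaces in elb.tf) or tolerate the empty string, `condition = contains(["", "ALB", "ELB"], var.auto_enable_access_logs_options.auto_enable_logging)`, and leave the non-empty requirement to the resource that actually uses it.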
From: Himanshu Sharma Date: Tue, 22 Feb 2022 17:01:40 +0530 Subject: [PATCH 2/4] Reverting old commit and adding code to new folder --- aws/elasticloadbalancing/README.md | 54 +++++++ aws/elasticloadbalancing/data.tf | 10 ++ aws/elasticloadbalancing/elb.tf | 152 ++++++++++++++++++ aws/elasticloadbalancing/locals.tf | 46 ++++++ aws/elasticloadbalancing/outputs.tf | 44 +++++ .../templates/elb_bucket_policy.tmpl | 34 ++++ .../templates/sns_topic_policy.tmpl | 21 +++ .../templates/sumologic_assume_role.tmpl | 17 ++ .../templates/sumologic_source_policy.tmpl | 18 +++ aws/elasticloadbalancing/variables.tf | 150 +++++++++++++++++ aws/elasticloadbalancing/versions.tf | 22 +++ aws/elb/elb.tf | 8 +- aws/elb/locals.tf | 2 +- aws/elb/variables.tf | 14 -- 14 files changed, 573 insertions(+), 19 deletions(-) create mode 100644 aws/elasticloadbalancing/README.md create mode 100644 aws/elasticloadbalancing/data.tf create mode 100644 aws/elasticloadbalancing/elb.tf create mode 100644 aws/elasticloadbalancing/locals.tf create mode 100644 aws/elasticloadbalancing/outputs.tf create mode 100644 aws/elasticloadbalancing/templates/elb_bucket_policy.tmpl create mode 100644 aws/elasticloadbalancing/templates/sns_topic_policy.tmpl create mode 100644 aws/elasticloadbalancing/templates/sumologic_assume_role.tmpl create mode 100644 aws/elasticloadbalancing/templates/sumologic_source_policy.tmpl create mode 100644 aws/elasticloadbalancing/variables.tf create mode 100644 aws/elasticloadbalancing/versions.tf diff --git a/aws/elasticloadbalancing/README.md b/aws/elasticloadbalancing/README.md new file mode 100644 index 0000000..08002cf --- /dev/null +++ b/aws/elasticloadbalancing/README.md 
@@ -0,0 +1,54 @@ +# SumoLogic-AWS-Elb + +This module is used to create AWS and Sumo Logic resource to collect ELB logs from an AWS S3 bucket. Features include +- Create AWS S3 bucket or use an existing AWS S3 bucket. +- Create AWS IAM role or use an existing IAM role. +- Create AWS SNS Topic or use an existing AWS SNS topic. +- Create Sumo Logic hosted collector or use an existing Sumo Logic hosted collector. +- Create Sumo Logic ELB source. +- Auto enable access logs for Existing and New load balancer after installing the module. + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >= 0.13.0 | +| aws | >= 3.42.0 | +| random | >=3.1.0 | +| sumologic | >= 2.9.0 | +| time | >=0.7.1 | + +## Providers + +| Name | Version | +|------|---------| +| aws | >= 3.42.0 | +| random | >=3.1.0 | +| sumologic | >= 2.9.0 | +| time | >=0.7.1 | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| auto\_enable\_access\_logs | New - Automatically enables access logging for newly created ALB resources to collect logs for ALB resources. This does not affect ALB resources already collecting logs.
Existing - Automatically enables access logging for existing ALB resources to collect logs for ALB resources.
Both - Automatically enables access logging for new and existing ALB resources.
None - Skips Automatic access Logging enable for ALB resources. | `string` | `"Both"` | no | +| auto\_enable\_access\_logs\_options | filter - provide a regex to filter the ELB for which access logs should be enabled. Empty means all resources. For eg :- 'Type': 'application'\|'type': 'application', will enable access logs for Application load balancer only.
remove\_on\_delete\_stack - provide true if you would like to disable access logging when you destroy the terraform resources. |
object({
filter = string
remove_on_delete_stack = bool
})
|
{
"filter": "",
"remove_on_delete_stack": true
}
| no | +| collector\_details | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. |
object({
collector_name = string
description = string
fields = map(string)
})
|
{
"collector_name": "SumoLogic Elb Collector ",
"description": "This collector is created using Sumo Logic terraform AWS ELB module to collect AWS elb logs.",
"fields": {}
}
| no | +| create\_collector | Provide "true" if you would like to create the Sumo Logic Collector. | `bool` | n/a | yes | +| source\_details | Provide details for the Sumo Logic ELB source. If not provided, then defaults will be used. |
object({
source_name = string
source_category = string
collector_id = string
description = string
bucket_details = object({
create_bucket = bool
bucket_name = string
path_expression = string
force_destroy_bucket = bool
})
paused = bool
scan_interval = string
sumo_account_id = number
cutoff_relative_time = string
fields = map(string)
iam_details = object({
create_iam_role = bool
iam_role_arn = string
})
sns_topic_details = object({
create_sns_topic = bool
sns_topic_arn = string
})
})
|
{
"bucket_details": {
"bucket_name": "elb-logs-random-id",
"create_bucket": true,
"force_destroy_bucket": true,
"path_expression": "*AWSLogs//elasticloadbalancing//*"
},
"collector_id": "",
"cutoff_relative_time": "-1d",
"description": "This source is created using Sumo Logic terraform AWS elb module to collect AWS elb logs.",
"fields": {},
"iam_details": {
"create_iam_role": true,
"iam_role_arn": null
},
"paused": false,
"scan_interval": 300000,
"sns_topic_details": {
"create_sns_topic": true,
"sns_topic_arn": null
},
"source_category": "Labs/aws/elb",
"source_name": "Elb Source",
"sumo_account_id": 926226587429
}
| no | +| sumologic\_organization\_id | Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. | `string` | n/a | yes | +| wait\_for\_seconds | wait\_for\_seconds is used to delay sumo logic source creation. This helps persisting IAM role in AWS system.
Default value is 180 seconds.
If the AWS IAM role is created outside the module, the value can be decreased to 1 second. | `number` | `180` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| aws\_iam\_role | AWS IAM role with permission to allow Sumo Logic to read logs from S3 Bucket. | +| aws\_s3\_bucket | AWS S3 Bucket name created to Store the ELB logs. | +| aws\_s3\_bucket\_notification | AWS S3 Bucket Notification attached to the AWS S3 Bucket | +| aws\_serverlessapplicationrepository\_cloudformation\_stack | AWS CloudFormation stack for ALB Auto Enable access logs. | +| aws\_sns\_subscription | AWS SNS subscription to Sumo Logic AWS ELB source. | +| aws\_sns\_topic | AWS SNS topic attached to the AWS S3 bucket. | +| random\_string | Random String value created. | +| sumologic\_collector | Sumo Logic hosted collector. | +| sumologic\_source | Sumo Logic AWS ELB source. | diff --git a/aws/elasticloadbalancing/data.tf b/aws/elasticloadbalancing/data.tf new file mode 100644 index 0000000..acca3e3 --- /dev/null +++ b/aws/elasticloadbalancing/data.tf @@ -0,0 +1,10 @@ +data "aws_region" "current" {} + +data "aws_caller_identity" "current" {} + +data "sumologic_caller_identity" "current" {} + +data "aws_serverlessapplicationrepository_application" "app" { + application_id = "arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable" + semantic_version = "1.0.2" +} \ No newline at end of file diff --git a/aws/elasticloadbalancing/elb.tf b/aws/elasticloadbalancing/elb.tf new file mode 100644 index 0000000..b2b339d --- /dev/null +++ b/aws/elasticloadbalancing/elb.tf 
@@ -0,0 +1,152 @@ +# *************** Steps are as Below to create Sumo Logic ELB source *************** # +# 1. Create AWS S3 Bucket. If the Bucket is created, create SNS Topic and SNS policy to attach to Bucket. +# 2. Create IAM role in AWS with access to the bucket name provided. +# 3. Create a Collector. If the Collector ID is provided, do not create a Collector. +# 4. Create the source either in the collector created or in the collector id provided. +# 5. Create SNS Subscription to be attached to the source and SNS Topic. +# 6. Add SAM app for auto enable of access logs for ELBs. + +resource "random_string" "aws_random" { + length = 10 + special = false + upper = false +} + +resource "aws_s3_bucket" "s3_bucket" { + for_each = toset(var.source_details.bucket_details.create_bucket ? ["s3_bucket"] : []) + + bucket = local.bucket_name + force_destroy = var.source_details.bucket_details.force_destroy_bucket + + policy = templatefile("${path.module}/templates/elb_bucket_policy.tmpl", { + BUCKET_NAME = local.bucket_name + ELB_ACCCOUNT_ID = local.region_to_elb_account_id[local.aws_region] + }) +} + +resource "aws_sns_topic" "sns_topic" { + for_each = toset(var.source_details.sns_topic_details.create_sns_topic ? ["sns_topic"] : []) + + name = "SumoLogic-Terraform-Elb-Module-${random_string.aws_random.id}" + policy = templatefile("${path.module}/templates/sns_topic_policy.tmpl", { + BUCKET_NAME = local.bucket_name, + AWS_REGION = local.aws_region, + SNS_TOPIC_NAME = "SumoLogic-Terraform-Elb-Module-${random_string.aws_random.id}", + AWS_ACCOUNT = local.aws_account_id + }) +} + +resource "aws_s3_bucket_notification" "bucket_notification" { + for_each = toset(var.source_details.sns_topic_details.create_sns_topic && var.source_details.bucket_details.create_bucket ? 
["bucket_notification"] : []) + + bucket = aws_s3_bucket.s3_bucket["s3_bucket"].id + + topic { + topic_arn = aws_sns_topic.sns_topic["sns_topic"].arn + events = ["s3:ObjectCreated:Put"] + } +} + +resource "aws_iam_role" "source_iam_role" { + for_each = toset(var.source_details.iam_details.create_iam_role ? ["source_iam_role"] : []) + + name = "SumoLogic-Terraform-Elb-Module-${random_string.aws_random.id}" + path = "/" + + assume_role_policy = templatefile("${path.module}/templates/sumologic_assume_role.tmpl", { + SUMO_LOGIC_ACCOUNT_ID = var.source_details.sumo_account_id, + ENVIRONMENT = data.sumologic_caller_identity.current.environment, + SUMO_LOGIC_ORG_ID = var.sumologic_organization_id + }) + + managed_policy_arns = [aws_iam_policy.iam_policy["iam_policy"].arn] +} + +resource "aws_iam_policy" "iam_policy" { + for_each = toset(var.source_details.iam_details.create_iam_role ? ["iam_policy"] : []) + + name = "SumoLogicElbSource-${random_string.aws_random.id}" + policy = templatefile("${path.module}/templates/sumologic_source_policy.tmpl", { + BUCKET_NAME = local.bucket_name + }) +} + +resource "sumologic_collector" "collector" { + for_each = toset(var.create_collector ? ["collector"] : []) + name = local.collector_name + description = var.collector_details.description + fields = var.collector_details.fields + timezone = "UTC" +} + +resource "time_sleep" "wait_for_seconds" { + create_duration = "${var.wait_for_seconds}s" +} + +resource "sumologic_elb_source" "source" { + depends_on = [ + time_sleep.wait_for_seconds + ] + + lifecycle { + ignore_changes = [cutoff_timestamp, cutoff_relative_time] + } + category = var.source_details.source_category + collector_id = var.create_collector ? 
sumologic_collector.collector["collector"].id : var.source_details.collector_id + content_type = "AwsElbBucket" + cutoff_relative_time = var.source_details.cutoff_relative_time + description = var.source_details.description + fields = var.source_details.fields + name = var.source_details.source_name + paused = var.source_details.paused + scan_interval = var.source_details.scan_interval + authentication { + type = "AWSRoleBasedAuthentication" + role_arn = var.source_details.iam_details.create_iam_role ? aws_iam_role.source_iam_role["source_iam_role"].arn : var.source_details.iam_details.iam_role_arn + } + + path { + type = "S3BucketPathExpression" + bucket_name = var.source_details.bucket_details.create_bucket ? aws_s3_bucket.s3_bucket["s3_bucket"].id : local.bucket_name + path_expression = local.logs_path_expression + } +} + +resource "aws_sns_topic_subscription" "subscription" { + delivery_policy = jsonencode({ + "guaranteed" = false, + "healthyRetryPolicy" = { + "numRetries" = 40, + "minDelayTarget" = 10, + "maxDelayTarget" = 300, + "numMinDelayRetries" = 3, + "numMaxDelayRetries" = 5, + "numNoDelayRetries" = 0, + "backoffFunction" = "exponential" + }, + "sicklyRetryPolicy" = null, + "throttlePolicy" = null + }) + endpoint = sumologic_elb_source.source.url + endpoint_auto_confirms = true + protocol = "https" + topic_arn = var.source_details.sns_topic_details.create_sns_topic ? aws_sns_topic.sns_topic["sns_topic"].arn : var.source_details.sns_topic_details.sns_topic_arn +} + +# Reason to use the SAM app, is to have single source of truth for Auto Enable access logs functionality. +resource "aws_serverlessapplicationrepository_cloudformation_stack" "auto_enable_access_logs" { + for_each = toset(local.auto_enable_access_logs ? 
["auto_enable_access_logs"] : []) + + name = "Auto-Enable-Access-Logs-${var.auto_enable_access_logs_options.auto_enable_logging}-${random_string.aws_random.id}" + application_id = "arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable" + semantic_version = var.app_semantic_version + capabilities = data.aws_serverlessapplicationrepository_application.app.required_capabilities + parameters = { + BucketName = local.bucket_name + BucketPrefix = var.auto_enable_access_logs_options.bucket_prefix + AutoEnableLogging = var.auto_enable_access_logs_options.auto_enable_logging + AutoEnableResourceOptions = var.auto_enable_access_logs + FilterExpression = var.auto_enable_access_logs_options.filter + RemoveOnDeleteStack = var.auto_enable_access_logs_options.remove_on_delete_stack + } +} \ No newline at end of file diff --git a/aws/elasticloadbalancing/locals.tf b/aws/elasticloadbalancing/locals.tf new file mode 100644 index 0000000..3dcb21e --- /dev/null +++ b/aws/elasticloadbalancing/locals.tf 
@@ -0,0 +1,46 @@ +locals { + + aws_account_id = data.aws_caller_identity.current.account_id + + aws_region = data.aws_region.current.id + + # Get the default collector name if no collector name is provided. + collector_name = var.collector_details.collector_name == "SumoLogic Elb Collector " ? "SumoLogic Elb Collector ${random_string.aws_random.id}" : var.collector_details.collector_name + + # Get the default bucket name when no bucket is provided and create_bucket is true. + bucket_name = var.source_details.bucket_details.create_bucket && var.source_details.bucket_details.bucket_name == "elb-logs-random-id" ? "elb-logs-${random_string.aws_random.id}" : var.source_details.bucket_details.bucket_name + + # Auto enable should be called if input is anything other than None. + auto_enable_access_logs = var.auto_enable_access_logs != "None" ? true : false + + # If we create the bucket, then get the default PATH expression. +logs_path_expression = var.source_details.bucket_details.create_bucket ? 
"*${var.auto_enable_access_logs_options.bucket_prefix}/AWSLogs/${local.aws_account_id}/elasticloadbalancing/${local.aws_region}/*" : var.source_details.bucket_details.path_expression + + region_to_elb_account_id = { + "us-east-1" = "127311923021", + "us-east-2" = "033677994240", + "us-west-1" = "027434742980", + "us-west-2" = "797873946194", + "af-south-1" = "098369216593", + "ca-central-1" = "985666609251", + "eu-central-1" = "054676820928", + "eu-west-1" = "156460612806", + "eu-west-2" = "652711504416", + "eu-south-1" = "635631232127", + "eu-west-3" = "009996457667", + "eu-north-1" = "897822967062", + "ap-east-1" = "754344448648", + "ap-northeast-1" = "582318560864", + "ap-northeast-2" = "600734575887", + "ap-northeast-3" = "383597477331", + "ap-southeast-1" = "114774131450", + "ap-southeast-2" = "783225319266", + "ap-south-1" = "718504428378", + "me-south-1" = "076674570225", + "sa-east-1" = "507241528517", + "us-gov-west-1" = "048591011584", + "us-gov-east-1" = "190560391635", + "cn-north-1" = "638102146993", + "cn-northwest-1" = "037604701340" + } +} \ No newline at end of file diff --git a/aws/elasticloadbalancing/outputs.tf b/aws/elasticloadbalancing/outputs.tf new file mode 100644 index 0000000..2547543 --- /dev/null +++ b/aws/elasticloadbalancing/outputs.tf 
@@ -0,0 +1,44 @@ +output "random_string" { + value = random_string.aws_random + description = "Random String value created." +} + +output "aws_s3_bucket" { + value = var.source_details.bucket_details.create_bucket ? aws_s3_bucket.s3_bucket : {} + description = "AWS S3 Bucket name created to Store the ELB logs." +} + +output "aws_sns_topic" { + value = var.source_details.sns_topic_details.create_sns_topic ? aws_sns_topic.sns_topic : {} + description = "AWS SNS topic attached to the AWS S3 bucket." +} + +output "aws_s3_bucket_notification" { + value = var.source_details.sns_topic_details.create_sns_topic && var.source_details.bucket_details.create_bucket ? aws_s3_bucket_notification.bucket_notification : {} + description = "AWS S3 Bucket Notification attached to the AWS S3 Bucket" +} + +output "aws_iam_role" { + value = var.source_details.iam_details.create_iam_role ? aws_iam_role.source_iam_role : {} + description = "AWS IAM role with permission to allow Sumo Logic to read logs from S3 Bucket." +} + +output "sumologic_collector" { + value = var.create_collector ? sumologic_collector.collector : {} + description = "Sumo Logic hosted collector." +} + +output "sumologic_source" { + value = sumologic_elb_source.source + description = "Sumo Logic AWS ELB source." +} + +output "aws_sns_subscription" { + value = aws_sns_topic_subscription.subscription + description = "AWS SNS subscription to Sumo Logic AWS ELB source." +} + +output "aws_serverlessapplicationrepository_cloudformation_stack" { + value = local.auto_enable_access_logs ? aws_serverlessapplicationrepository_cloudformation_stack.auto_enable_access_logs : {} + description = "AWS CloudFormation stack for ALB Auto Enable access logs." +} \ No newline at end of file diff --git a/aws/elasticloadbalancing/templates/elb_bucket_policy.tmpl b/aws/elasticloadbalancing/templates/elb_bucket_policy.tmpl new file mode 100644 index 0000000..539f2bd --- /dev/null +++ b/aws/elasticloadbalancing/templates/elb_bucket_policy.tmpl 
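Review bot: `output "sumologic_source"` and `output "aws_sns_subscription"` export whole resource objects, which include the source `url` that elb.tf uses as the SNS `endpoint`; anyone holding that URL can post into the source, so it should not surface unmarked in root-module outputs or CI logs. Unless the Sumo Logic provider already flags `url` as sensitive (not verifiable from this diff), add `sensitive = true` to both outputs or export only the `id`/`arn` fields callers need.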
@@ -0,0 +1,34 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": "arn:aws:iam::${ELB_ACCCOUNT_ID}:root"
+ },
+ "Action": "s3:PutObject",
+ "Resource": "arn:aws:s3:::${BUCKET_NAME}/*"
+ },
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "delivery.logs.amazonaws.com"
+ },
+ "Action": "s3:PutObject",
+ "Resource": "arn:aws:s3:::${BUCKET_NAME}/*",
+ "Condition": {
+ "StringEquals": {
+ "s3:x-amz-acl": "bucket-owner-full-control"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "delivery.logs.amazonaws.com"
+ },
+ "Action": "s3:GetBucketAcl",
+ "Resource": "arn:aws:s3:::${BUCKET_NAME}"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/aws/elasticloadbalancing/templates/sns_topic_policy.tmpl b/aws/elasticloadbalancing/templates/sns_topic_policy.tmpl
new file mode 100644
index 0000000..aba3d32
--- /dev/null
+++ b/aws/elasticloadbalancing/templates/sns_topic_policy.tmpl
@@ -0,0 +1,21 @@
+{
+ "Statement": [
+ {
+ "Action": "sns:Publish",
+ "Condition": {
+ "StringEquals": {
+ "aws:SourceAccount": "${AWS_ACCOUNT}"
+ },
+ "ArnLike": {
+ "aws:SourceArn": "arn:aws:s3:::${BUCKET_NAME}"
+ }
+ },
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "s3.amazonaws.com"
+ },
+ "Resource": "arn:aws:sns:${AWS_REGION}:${AWS_ACCOUNT}:${SNS_TOPIC_NAME}"
+ }
+ ],
+ "Version": "2008-10-17"
+}
\ No newline at end of file
diff --git a/aws/elasticloadbalancing/templates/sumologic_assume_role.tmpl b/aws/elasticloadbalancing/templates/sumologic_assume_role.tmpl
new file mode 100644
index 0000000..6c45f2c
--- /dev/null
+++ b/aws/elasticloadbalancing/templates/sumologic_assume_role.tmpl
@@ -0,0 +1,17 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": "sts:AssumeRole",
+ "Principal": {
+ "AWS": "arn:aws:iam::${SUMO_LOGIC_ACCOUNT_ID}:root"
+ },
+ "Effect": "Allow",
+ "Condition": {
+ "StringEquals": {
+ "sts:ExternalId": "${ENVIRONMENT}:${SUMO_LOGIC_ORG_ID}"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
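Review bot: The first statement grants `s3:PutObject` on `arn:aws:s3:::${BUCKET_NAME}/*` to the regional ELB account's root principal with no further restriction, so any load balancer in any AWS account in that region can deliver its logs into this bucket; the AWS reference policy scopes the resource to `.../AWSLogs/<your-account-id>/*` so only log files for your own account can be written. Pass the account ID into the template (elb.tf already has `local.aws_account_id`) and tighten the resource to `"arn:aws:s3:::${BUCKET_NAME}/*AWSLogs/${AWS_ACCOUNT}/*"`, which covers both the prefixed and unprefixed layouts. The two `delivery.logs.amazonaws.com` statements have the same cross-account exposure and should carry a `"StringEquals": { "aws:SourceAccount": "${AWS_ACCOUNT}" }` condition, as the SNS topic policy in this patch already does. Minor: the template variable is spelled `ELB_ACCCOUNT_ID` (three Cs) and that typo is now part of the template's interface.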
diff --git a/aws/elasticloadbalancing/templates/sumologic_source_policy.tmpl b/aws/elasticloadbalancing/templates/sumologic_source_policy.tmpl
new file mode 100644
index 0000000..cd968b9
--- /dev/null
+++ b/aws/elasticloadbalancing/templates/sumologic_source_policy.tmpl
@@ -0,0 +1,18 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetObject",
+ "s3:GetObjectVersion",
+ "s3:ListBucketVersions",
+ "s3:ListBucket"
+ ],
+ "Resource": [
+ "arn:aws:s3:::${BUCKET_NAME}/*",
+ "arn:aws:s3:::${BUCKET_NAME}"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/aws/elasticloadbalancing/variables.tf b/aws/elasticloadbalancing/variables.tf
new file mode 100644
index 0000000..add5f7e
--- /dev/null
+++ b/aws/elasticloadbalancing/variables.tf
@@ -0,0 +1,150 @@ +variable "create_collector" { + type = bool + description = "Provide \"true\" if you would like to create the Sumo Logic Collector." +} + +variable "collector_details" { + type = object({ + collector_name = string + description = string + fields = map(string) + }) + description = "Provide details for the Sumo Logic collector. If not provided, then defaults will be used." + default = { + collector_name = "SumoLogic Elb Collector " + description = "This collector is created using Sumo Logic terraform AWS ELB module to collect AWS elb logs." + fields = {} + } +} + +variable "source_details" { + type = object({ + source_name = string + source_category = string + collector_id = string + description = string + bucket_details = object({ + create_bucket = bool + bucket_name = string + path_expression = string + force_destroy_bucket = bool + }) + paused = bool + scan_interval = string + sumo_account_id = number + cutoff_relative_time = string + fields = map(string) + iam_details = object({ + create_iam_role = bool + iam_role_arn = string + }) + sns_topic_details = object({ + create_sns_topic = bool + sns_topic_arn = string + }) + }) + description = "Provide details for the Sumo Logic ELB source. If not provided, then defaults will be used." + default = { + source_name = "Elb Source" + source_category = "Labs/aws/elb" + description = "This source is created using Sumo Logic terraform AWS elb module to collect AWS elb logs." 
+ collector_id = "" + bucket_details = { + create_bucket = true + bucket_name = "elb-logs-random-id" + path_expression = "*AWSLogs//elasticloadbalancing//*" + force_destroy_bucket = true + } + paused = false + scan_interval = 300000 + sumo_account_id = 926226587429 + cutoff_relative_time = "-1d" + fields = {} + iam_details = { + create_iam_role = true + iam_role_arn = null + } + sns_topic_details = { + create_sns_topic = true + sns_topic_arn = null + } + } + validation { + condition = can(regex("[a-z0-9-.]{3,63}$", var.source_details.bucket_details.bucket_name)) + error_message = "3-63 characters; must contain only lowercase letters, numbers, hyphen or period. For more details - https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html." + } + validation { + condition = can(regex("-[0-9]{1,}[M|w|d|h|m]{1}$", var.source_details.cutoff_relative_time)) + error_message = "Cut off relative time can be either months (M), weeks (w), days (d), hours (h), or minutes (m). Use 0m to indicate the current time." + } +} + +variable "sumologic_organization_id" { + type = string + description = "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources." + + validation { + condition = can(regex("\\w+", var.sumologic_organization_id)) + error_message = "The organization ID must contain valid characters." + } +} + +variable "auto_enable_access_logs" { + type = string + description = < Date: Tue, 22 Feb 2022 17:09:27 +0530 Subject: [PATCH 3/4] Updating ElasticLoadBalancing Readme --- aws/elasticloadbalancing/README.md | 77 ++++++++++++++++++++---------- 1 file changed, 51 insertions(+), 26 deletions(-) diff --git a/aws/elasticloadbalancing/README.md b/aws/elasticloadbalancing/README.md index 08002cf..9604a81 100644 --- a/aws/elasticloadbalancing/README.md +++ b/aws/elasticloadbalancing/README.md 
@@ -1,4 +1,4 @@ -# SumoLogic-AWS-Elb +# SumoLogic-AWS-Elasticloadbalancing This module is used to create AWS and Sumo Logic resource to collect ELB logs from an AWS S3 bucket. Features include - Create AWS S3 bucket or use an existing AWS S3 bucket. 
@@ -12,43 +12,68 @@ This module is used to create AWS and Sumo Logic resource to collect ELB logs fr
| Name | Version |
|------|---------|
-| terraform | >= 0.13.0 |
-| aws | >= 3.42.0 |
-| random | >=3.1.0 |
-| sumologic | >= 2.9.0 |
-| time | >=0.7.1 |
+| [terraform](#requirement\_terraform) | >= 0.13.0 |
+| [aws](#requirement\_aws) | >= 3.42.0 |
+| [random](#requirement\_random) | >=3.1.0 |
+| [sumologic](#requirement\_sumologic) | >= 2.9.0 |
+| [time](#requirement\_time) | >=0.7.1 |
## Providers
| Name | Version |
|------|---------|
-| aws | >= 3.42.0 |
-| random | >=3.1.0 |
-| sumologic | >= 2.9.0 |
-| time | >=0.7.1 |
+| [aws](#provider\_aws) | >= 3.42.0 |
+| [random](#provider\_random) | >=3.1.0 |
+| [sumologic](#provider\_sumologic) | >= 2.9.0 |
+| [time](#provider\_time) | >=0.7.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy.iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_role.source_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_s3_bucket.s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [aws_s3_bucket_notification.bucket_notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_notification) | resource |
+| [aws_serverlessapplicationrepository_cloudformation_stack.auto_enable_access_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/serverlessapplicationrepository_cloudformation_stack) | resource |
+| [aws_sns_topic.sns_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
+| [aws_sns_topic_subscription.subscription](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
+| 
[random_string.aws_random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [sumologic_collector.collector](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/collector) | resource |
+| [sumologic_elb_source.source](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/elb_source) | resource |
+| [time_sleep.wait_for_seconds](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_serverlessapplicationrepository_application.app](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/serverlessapplicationrepository_application) | data source |
+| [sumologic_caller_identity.current](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/data-sources/caller_identity) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| auto\_enable\_access\_logs | New - Automatically enables access logging for newly created ALB resources to collect logs for ALB resources. This does not affect ALB resources already collecting logs.
Existing - Automatically enables access logging for existing ALB resources to collect logs for ALB resources.
Both - Automatically enables access logging for new and existing ALB resources.
None - Skips Automatic access Logging enable for ALB resources. | `string` | `"Both"` | no |
-| auto\_enable\_access\_logs\_options | filter - provide a regex to filter the ELB for which access logs should be enabled. Empty means all resources. For eg :- 'Type': 'application'\|'type': 'application', will enable access logs for Application load balancer only.
remove\_on\_delete\_stack - provide true if you would like to disable access logging when you destroy the terraform resources. |
object({
filter = string
remove_on_delete_stack = bool
})
|
{
"filter": "",
"remove_on_delete_stack": true
}
| no |
-| collector\_details | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. |
object({
collector_name = string
description = string
fields = map(string)
})
|
{
"collector_name": "SumoLogic Elb Collector ",
"description": "This collector is created using Sumo Logic terraform AWS ELB module to collect AWS elb logs.",
"fields": {}
}
| no |
-| create\_collector | Provide "true" if you would like to create the Sumo Logic Collector. | `bool` | n/a | yes |
-| source\_details | Provide details for the Sumo Logic ELB source. If not provided, then defaults will be used. |
object({
source_name = string
source_category = string
collector_id = string
description = string
bucket_details = object({
create_bucket = bool
bucket_name = string
path_expression = string
force_destroy_bucket = bool
})
paused = bool
scan_interval = string
sumo_account_id = number
cutoff_relative_time = string
fields = map(string)
iam_details = object({
create_iam_role = bool
iam_role_arn = string
})
sns_topic_details = object({
create_sns_topic = bool
sns_topic_arn = string
})
})
|
{
"bucket_details": {
"bucket_name": "elb-logs-random-id",
"create_bucket": true,
"force_destroy_bucket": true,
"path_expression": "*AWSLogs//elasticloadbalancing//*"
},
"collector_id": "",
"cutoff_relative_time": "-1d",
"description": "This source is created using Sumo Logic terraform AWS elb module to collect AWS elb logs.",
"fields": {},
"iam_details": {
"create_iam_role": true,
"iam_role_arn": null
},
"paused": false,
"scan_interval": 300000,
"sns_topic_details": {
"create_sns_topic": true,
"sns_topic_arn": null
},
"source_category": "Labs/aws/elb",
"source_name": "Elb Source",
"sumo_account_id": 926226587429
}
| no |
-| sumologic\_organization\_id | Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. | `string` | n/a | yes |
-| wait\_for\_seconds | wait\_for\_seconds is used to delay sumo logic source creation. This helps persisting IAM role in AWS system.
Default value is 180 seconds.
If the AWS IAM role is created outside the module, the value can be decreased to 1 second. | `number` | `180` | no |
+| [app\_semantic\_version](#input\_app\_semantic\_version) | Provide the latest version of Serverless Application Repository 'sumologic-s3-logging-auto-enable'. | `string` | `"1.0.4"` | no |
+| [auto\_enable\_access\_logs](#input\_auto\_enable\_access\_logs) | New - Automatically enables access logging for newly created ELB resources to collect logs for ELB resources. This does not affect ELB resources already collecting logs.
Existing - Automatically enables access logging for existing ELB resources to collect logs for ELB resources.
Both - Automatically enables access logging for new and existing ELB resources.
None - Skips Automatic access Logging enable for ELB resources. | `string` | `"Both"` | no |
+| [auto\_enable\_access\_logs\_options](#input\_auto\_enable\_access\_logs\_options) | filter - provide a regex to filter the ELB for which access logs should be enabled. Empty means all resources. For eg :- 'Type': 'application'\|'type': 'application', will enable access logs for Application load balancer only.
remove\_on\_delete\_stack - provide true if you would like to disable access logging when you destroy the terraform resources. |
object({
bucket_prefix = string
auto_enable_logging = string
filter = string
remove_on_delete_stack = bool
})
|
{
"auto_enable_logging": "",
"bucket_prefix": "",
"filter": "",
"remove_on_delete_stack": true
}
| no |
+| [collector\_details](#input\_collector\_details) | Provide details for the Sumo Logic collector. If not provided, then defaults will be used. |
object({
collector_name = string
description = string
fields = map(string)
})
|
{
"collector_name": "SumoLogic Elb Collector ",
"description": "This collector is created using Sumo Logic terraform AWS ELB module to collect AWS elb logs.",
"fields": {}
}
| no |
+| [create\_collector](#input\_create\_collector) | Provide "true" if you would like to create the Sumo Logic Collector. | `bool` | n/a | yes |
+| [source\_details](#input\_source\_details) | Provide details for the Sumo Logic ELB source. If not provided, then defaults will be used. |
object({
source_name = string
source_category = string
collector_id = string
description = string
bucket_details = object({
create_bucket = bool
bucket_name = string
path_expression = string
force_destroy_bucket = bool
})
paused = bool
scan_interval = string
sumo_account_id = number
cutoff_relative_time = string
fields = map(string)
iam_details = object({
create_iam_role = bool
iam_role_arn = string
})
sns_topic_details = object({
create_sns_topic = bool
sns_topic_arn = string
})
})
|
{
"bucket_details": {
"bucket_name": "elb-logs-random-id",
"create_bucket": true,
"force_destroy_bucket": true,
"path_expression": "*AWSLogs//elasticloadbalancing//*"
},
"collector_id": "",
"cutoff_relative_time": "-1d",
"description": "This source is created using Sumo Logic terraform AWS elb module to collect AWS elb logs.",
"fields": {},
"iam_details": {
"create_iam_role": true,
"iam_role_arn": null
},
"paused": false,
"scan_interval": 300000,
"sns_topic_details": {
"create_sns_topic": true,
"sns_topic_arn": null
},
"source_category": "Labs/aws/elb",
"source_name": "Elb Source",
"sumo_account_id": 926226587429
}
| no |
+| [sumologic\_organization\_id](#input\_sumologic\_organization\_id) | Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. | `string` | n/a | yes |
+| [wait\_for\_seconds](#input\_wait\_for\_seconds) | wait\_for\_seconds is used to delay sumo logic source creation. This helps persisting IAM role in AWS system.
Default value is 180 seconds.
If the AWS IAM role is created outside the module, the value can be decreased to 1 second. | `number` | `180` | no |
## Outputs
| Name | Description |
|------|-------------|
-| aws\_iam\_role | AWS IAM role with permission to allow Sumo Logic to read logs from S3 Bucket. |
-| aws\_s3\_bucket | AWS S3 Bucket name created to Store the ELB logs. |
-| aws\_s3\_bucket\_notification | AWS S3 Bucket Notification attached to the AWS S3 Bucket |
-| aws\_serverlessapplicationrepository\_cloudformation\_stack | AWS CloudFormation stack for ALB Auto Enable access logs. |
-| aws\_sns\_subscription | AWS SNS subscription to Sumo Logic AWS ELB source. |
-| aws\_sns\_topic | AWS SNS topic attached to the AWS S3 bucket. |
-| random\_string | Random String value created. |
-| sumologic\_collector | Sumo Logic hosted collector. |
-| sumologic\_source | Sumo Logic AWS ELB source. |
+| [aws\_iam\_role](#output\_aws\_iam\_role) | AWS IAM role with permission to allow Sumo Logic to read logs from S3 Bucket. |
+| [aws\_s3\_bucket](#output\_aws\_s3\_bucket) | AWS S3 Bucket name created to Store the ELB logs. |
+| [aws\_s3\_bucket\_notification](#output\_aws\_s3\_bucket\_notification) | AWS S3 Bucket Notification attached to the AWS S3 Bucket |
+| [aws\_serverlessapplicationrepository\_cloudformation\_stack](#output\_aws\_serverlessapplicationrepository\_cloudformation\_stack) | AWS CloudFormation stack for ELB Auto Enable access logs. |
+| [aws\_sns\_subscription](#output\_aws\_sns\_subscription) | AWS SNS subscription to Sumo Logic AWS ELB source. |
+| [aws\_sns\_topic](#output\_aws\_sns\_topic) | AWS SNS topic attached to the AWS S3 bucket. |
+| [random\_string](#output\_random\_string) | Random String value created. |
+| [sumologic\_collector](#output\_sumologic\_collector) | Sumo Logic hosted collector. |
+| [sumologic\_source](#output\_sumologic\_source) | Sumo Logic AWS ELB source. |
From 6bd31e6c56c8194746dd9dff7a58c23c90dbe3fe Mon Sep 17 00:00:00 2001
From: Himanshu Sharma Date: Fri, 25 Feb 2022 17:17:01 +0530 Subject: [PATCH 4/4] Updating variable description
---
aws/elasticloadbalancing/outputs.tf | 2 +- aws/elasticloadbalancing/variables.tf | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/aws/elasticloadbalancing/outputs.tf b/aws/elasticloadbalancing/outputs.tf
index 2547543..a3c237e 100644
--- a/aws/elasticloadbalancing/outputs.tf
+++ b/aws/elasticloadbalancing/outputs.tf
@@ -40,5 +40,5 @@ output "aws_sns_subscription" {
output "aws_serverlessapplicationrepository_cloudformation_stack" {
value = local.auto_enable_access_logs ? aws_serverlessapplicationrepository_cloudformation_stack.auto_enable_access_logs : {}
- description = "AWS CloudFormation stack for ALB Auto Enable access logs."
+ description = "AWS CloudFormation stack for ELB Auto Enable access logs."
}
\ No newline at end of file
diff --git a/aws/elasticloadbalancing/variables.tf b/aws/elasticloadbalancing/variables.tf
index add5f7e..c688de1 100644
--- a/aws/elasticloadbalancing/variables.tf
+++ b/aws/elasticloadbalancing/variables.tf
@@ -92,10 +92,10 @@ variable "sumologic_organization_id" {
variable "auto_enable_access_logs" {
type = string
description = <