Comments (4)
For some reason when I logged in it created a new log file and now it logged quite a bunch. I'm not yet sure if it logs if I forward ports though.
from terraform-aws-bastion.
No, it doesn't log the database forwarding at all.
I deleted all of the log files and here is a new fresh log after I've forwarded a production DB connection:
Script started on 2022-06-25 16:38:13+0000
[ec2-user@ip-_ ~]$ cd /var/log/bastion
[ec2-user@ip-_ bastion]$ ls
2022-06-25_16-38-13_ec2-user_Mkwh3jP8dGfU4Bfu3sRbPiA4NASxxL7M.data
2022-06-25_16-38-13_ec2-user_Mkwh3jP8dGfU4Bfu3sRbPiA4NASxxL7M.time
[ec2-user@ip-_ bastion]$ exit
Script done on 2022-06-25 16:38:21+0000
from terraform-aws-bastion.
Also, your logging uploads cost money. It's not much, but if I have multiple bastions then it will start adding up. This is not a good way to do this. It bashes the S3 server with an empty log and stores all of it in the history.
Summary of my Free Tier usage:
I ran the bastion for about a day or two. So if you upload logs every 5 minutes then...
I ran my bastion instance for 63 hours and it produced 2222 requests to S3 and also the read events as well.
It was because it tried to upload an empty logfile and then it rotated the log and produced multiple log file uploads at once. So in production I expect that your log service would upload hundreds of log history snapshots into S3.
When I deleted the logs then it didn't have anything to be uploaded but there was the small log of me deleting things. So I can't completely clean up the instance but at least I can go there and remove the logs that I don't need anymore 🤔
from terraform-aws-bastion.
I apologize for the confusion. Thank you for bringing this issue to our attention and providing detailed information about your experience with the logging functionality. We have investigated the matter and made improvements to the logging mechanism. The issue you encountered with empty log files and incomplete logging should now be resolved in the latest version of the module.
To test the logging functionality, we recommend performing SSH sessions and executing commands within the session. The logs should capture the commands and activities during the SSH session.
Regarding the cost of logging uploads to S3, we understand your concerns. We have taken steps to optimize the logging process and reduce unnecessary log file uploads. Additionally, we have introduced a new configuration variable, enable_logs_s3_sync, which allows you to disable the synchronization of logs to S3 if it is not required in your environment. By setting this variable to false, you can prevent the module from uploading logs to S3 and avoid incurring additional costs.
We appreciate your feedback and patience in helping us improve the module. If you encounter any further issues or have additional questions, please don't hesitate to reach out.
from terraform-aws-bastion.