feat(elasticloadbalancingv2): health check logs for ALB#36227
Open
ren-yamanashi wants to merge 18 commits intoaws:mainfrom
Open
feat(elasticloadbalancingv2): health check logs for ALB#36227ren-yamanashi wants to merge 18 commits intoaws:mainfrom
ren-yamanashi wants to merge 18 commits intoaws:mainfrom
Conversation
github-actions
bot
added
p2
valued-contributor
ren-yamanashi
changed the title
aws-cdk-automation
previously requested changes
Nov 27, 2025
ren-yamanashi
commented
Nov 28, 2025
| bucket.addToResourcePolicy( | ||
| new PolicyStatement({ | ||
| actions: ['s3:PutObject'], | ||
| principals: [this.resourcePolicyPrincipal()], |
Contributor
Author
There was a problem hiding this comment.
This code is followed logConnectionLogs method.
The key point when use resourcePolicyPrincipal method, this public method (logHealthCheckLogs) needs specified region on the stack.
But, based on the documents I think we can choice don't use resourcePolicyPrincipal method like here code.
(see: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-health-check-logging.html)
principals: [new iam.ServicePrincipal('logdelivery.elasticloadbalancing.amazonaws.com')],And when we choice it, not needs specified region on the stack.
Q. Which I choice? Use resourcePolicyPrincipal method? or not use?
Current situation is not same when implementation logConnectionLogs method, so I want advice for you.
Contributor
Author
There was a problem hiding this comment.
What could you think about this?
Contributor
There was a problem hiding this comment.
Personally, I’d prefer to implement it using the ServicePrincipal method, but I think it’s better to align with the existing implementation…
For now, let’s keep the current implementation as is, and could you discuss this with the maintainers again?
Contributor
Author
There was a problem hiding this comment.
Okay. I follow you.
ren-yamanashi
commented
Nov 28, 2025
packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
Show resolved
Hide resolved
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
…feat/alb-healthcheck-log
ren-yamanashi
commented
Nov 29, 2025
packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
Show resolved
Hide resolved
aws-cdk-automation
added
the
pr/needs-community-review
badmintoncryer
suggested changes
Dec 2, 2025
Contributor
badmintoncryer
left a comment
badmintoncryer
left a comment
There was a problem hiding this comment.
Thank you for your contribution! I've added some comments.
...cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.enable-acl.ts
Outdated
Show resolved
Hide resolved
...cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.enable-acl.ts
Outdated
Show resolved
Hide resolved
...cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.enable-acl.ts
Outdated
Show resolved
Hide resolved
...cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.enable-acl.ts
Outdated
Show resolved
Hide resolved
packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
Show resolved
Hide resolved
packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
Outdated
Show resolved
Hide resolved
packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
Show resolved
Hide resolved
aws-cdk-automation
removed
pr/needs-community-review
…feat/alb-healthcheck-log
Contributor
|
||||||||||||||||||||||||||||||||||||||||||
Contributor
|
||||||||||||||||||||||||||||||||||||||||||
ren-yamanashi
commented
Dec 6, 2025
Contributor
Author
ren-yamanashi
left a comment
ren-yamanashi
left a comment
There was a problem hiding this comment.
Thanks review! I fixed and reply your comments.
packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts
Outdated
Show resolved
Hide resolved
| bucket.addToResourcePolicy( | ||
| new PolicyStatement({ | ||
| actions: ['s3:PutObject'], | ||
| principals: [this.resourcePolicyPrincipal()], |
Contributor
Author
There was a problem hiding this comment.
What could you think about this?
...cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.enable-acl.ts
Outdated
Show resolved
Hide resolved
Contributor
badmintoncryer
left a comment
badmintoncryer
left a comment
There was a problem hiding this comment.
Thanks! I've replied your comments.
ren-yamanashi
force-pushed
the
feat/alb-healthcheck-log
branch
from
062cbf1 to
db0fccd
Compare
Contributor
Author
|
I fixed! Please confirm |
added 2 commits
December 7, 2025 10:57
…feat/alb-healthcheck-log
badmintoncryer
approved these changes
Dec 7, 2025
Contributor
|
Thank you for your great work! |
aws-cdk-automation
added
the
pr/needs-maintainer-review
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is similar to #30599
Reason for this change
ALB can output health check logs as well as access logs to the S3 bucket, but this is not yet supported by L2 Construct.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-health-check-logging.html
Description of changes
Since health check logs are not supported by NLB, but only by ALB, the
logHealthCheckLogsmethod is added to theApplicationLoadBalancerinstead of theBaseLoadBalancer.The needed BucketPolicy is described in the documentation only as follows.
{ "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "logdelivery.elasticloadbalancing.amazonaws.com" }, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/prefix/AWSLogs/123456789012/*" } ] }Description of how you validated changes
add unit tests and integ tests.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license