feat: Add Glue catalog table for ALB connection logs

Author: Rahul-4480

locals.tf

@@ -1,156 +1,89 @@
 locals {
-  query_results_bucket_location = "s3://${var.query_results_bucket}/output/"
-  alb_logs_bucket_location      = "s3://${var.s3_bucket_name}/${var.s3_log_prefix}"
-  input_format                  = "org.apache.hadoop.mapred.TextInputFormat"
-  output_format                 = "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat"
-  ser_de_name                   = "alb-logs-serde"
-  ser_de_library                = "org.apache.hadoop.hive.serde2.RegexSerDe"
-  ser_de_parameters = {
-    "serialization.format" = "1"
-    "input.regex"          = "([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^ ]*)[:-]([0-9]*) ([-.0-9]*) ([-.0-9]*) ([-.0-9]*) (|[-0-9]*) (-|[-0-9]*) ([-0-9]*) ([-0-9]*) \"([^ ]*) (.*) (- |[^ ]*)\" \"([^\"]*)\" ([A-Z0-9-_]+) ([A-Za-z0-9.-]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^\"]*)\" ([-.0-9]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^ ]*)\" \"([^\\s]+?)\" \"([^\\s]+)\" \"([^ ]*)\" \"([^ ]*)\" ?([^ ]*)?"
-  }
-  table_type = "EXTERNAL_TABLE"
-  parameters = {
-    "classification" = "log"
-    "typeOfData"     = "awsALBLogs"
-  }
+  query_results_bucket_location            = "s3://${var.query_results_bucket}/output/"
+  force_destroy_value                      = true
+  publish_cloudwatch_metrics_enabled_value = false
+
+  tables = {
+    alb_access_logs = {
+      location                     = "s3://${var.s3_bucket_name}/alb-access-logs/"
+      ser_de_name                  = "alb-access-logs-serde"
+      ser_de_serialization_library = "org.apache.hadoop.hive.serde2.RegexSerDe"
+      ser_de_params = {
+        "serialization.format" = "1"
+        "input.regex"          = "([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^ ]*)[:-]([0-9]*) ([-.0-9]*) ([-.0-9]*) ([-.0-9]*) (|[-0-9]*) (-|[-0-9]*) ([-0-9]*) ([-0-9]*) \"([^ ]*) (.*) (- |[^ ]*)\" \"([^\"]*)\" ([A-Z0-9-_]+) ([A-Za-z0-9.-]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^\"]*)\" ([-.0-9]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^ ]*)\" \"([^\\s]+?)\" \"([^\\s]+)\" \"([^ ]*)\" \"([^ ]*)\" ?([^ ]*)?"
+      }
+      columns = [
+        { name = "type", type = "string" },
+        { name = "time", type = "string" },
+        { name = "elb", type = "string" },
+        { name = "client_ip", type = "string" },
+        { name = "client_port", type = "int" },
+        { name = "target_ip", type = "string" },
+        { name = "target_port", type = "int" },
+        { name = "request_processing_time", type = "double" },
+        { name = "target_processing_time", type = "double" },
+        { name = "response_processing_time", type = "double" },
+        { name = "elb_status_code", type = "int" },
+        { name = "target_status_code", type = "string" },
+        { name = "received_bytes", type = "bigint" },
+        { name = "sent_bytes", type = "bigint" },
+        { name = "request_verb", type = "string" },
+        { name = "request_url", type = "string" },
+        { name = "request_proto", type = "string" },
+        { name = "user_agent", type = "string" },
+        { name = "ssl_cipher", type = "string" },
+        { name = "ssl_protocol", type = "string" },
+        { name = "target_group_arn", type = "string" },
+        { name = "trace_id", type = "string" },
+        { name = "domain_name", type = "string" },
+        { name = "chosen_cert_arn", type = "string" },
+        { name = "matched_rule_priority", type = "string" },
+        { name = "request_creation_time", type = "string" },
+        { name = "actions_executed", type = "string" },
+        { name = "redirect_url", type = "string" },
+        { name = "lambda_error_reason", type = "string" },
+        { name = "target_port_list", type = "string" },
+        { name = "target_status_code_list", type = "string" },
+        { name = "classification", type = "string" },
+        { name = "classification_reason", type = "string" },
+        { name = "conn_trace_id", type = "string" }
+      ]
+      parameters = {
+        "classification" = "log"
+        "typeOfData"     = "awsALBAccessLogs"
+      }
+    }
 
-  table_columns = [
-    {
-      name = "type"
-      type = "string"
-    },
-    {
-      name = "time"
-      type = "string"
-    },
-    {
-      name = "elb"
-      type = "string"
-    },
-    {
-      name = "client_ip"
-      type = "string"
-    },
-    {
-      name = "client_port"
-      type = "int"
-    },
-    {
-      name = "target_ip"
-      type = "string"
-    },
-    {
-      name = "target_port"
-      type = "int"
-    },
-    {
-      name = "request_processing_time"
-      type = "double"
-    },
-    {
-      name = "target_processing_time"
-      type = "double"
-    },
-    {
-      name = "response_processing_time"
-      type = "double"
-    },
-    {
-      name = "elb_status_code"
-      type = "int"
-    },
-    {
-      name = "target_status_code"
-      type = "string"
-    },
-    {
-      name = "received_bytes"
-      type = "bigint"
-    },
-    {
-      name = "sent_bytes"
-      type = "bigint"
-    },
-    {
-      name = "request_verb"
-      type = "string"
-    },
-    {
-      name = "request_url"
-      type = "string"
-    },
-    {
-      name = "request_proto"
-      type = "string"
-    },
-    {
-      name = "user_agent"
-      type = "string"
-    },
-    {
-      name = "ssl_cipher"
-      type = "string"
-    },
-    {
-      name = "ssl_protocol"
-      type = "string"
-    },
-    {
-      name = "target_group_arn"
-      type = "string"
-    },
-    {
-      name = "trace_id"
-      type = "string"
-    },
-    {
-      name = "domain_name"
-      type = "string"
-    },
-    {
-      name = "chosen_cert_arn"
-      type = "string"
-    },
-    {
-      name = "matched_rule_priority"
-      type = "string"
-    },
-    {
-      name = "request_creation_time"
-      type = "string"
-    },
-    {
-      name = "actions_executed"
-      type = "string"
-    },
-    {
-      name = "redirect_url"
-      type = "string"
-    },
-    {
-      name = "lambda_error_reason"
-      type = "string"
-    },
-    {
-      name = "target_port_list"
-      type = "string"
-    },
-    {
-      name = "target_status_code_list"
-      type = "string"
-    },
-    {
-      name = "classification"
-      type = "string"
-    },
-    {
-      name = "classification_reason"
-      type = "string"
-    },
-    {
-      name = "conn_trace_id"
-      type = "string"
+    alb_connection_logs = {
+      location                     = "s3://${var.s3_bucket_name}/alb-connection-logs/"
+      ser_de_name                  = "alb-connection-logs-serde"
+      ser_de_serialization_library = "org.apache.hadoop.hive.serde2.RegexSerDe"
+      ser_de_params = {
+        "serialization.format" = "1"
+        "input.regex"          = "([^ ]*) ([^ ]*) ([0-9]*) ([0-9]*) ([A-Za-z0-9.-]*) ([^ ]*) ([-.0-9]*) \"([^\"]*)\" ([^ ]*) ([^ ]*) ([^ ]*) ?([^ ]*)?( .*)?"
+      }
+      columns = [
+        { name = "time", type = "string" },
+        { name = "client_ip", type = "string" },
+        { name = "client_port", type = "int" },
+        { name = "listener_port", type = "int" },
+        { name = "tls_protocol", type = "string" },
+        { name = "tls_cipher", type = "string" },
+        { name = "tls_handshake_latency", type = "double" },
+        { name = "leaf_client_cert_subject", type = "string" },
+        { name = "leaf_client_cert_validity", type = "string" },
+        { name = "leaf_client_cert_serial_number", type = "string" },
+        { name = "tls_verify_status", type = "string" },
+        { name = "conn_trace_id", type = "string" }
+      ]
+      parameters = {
+        "classification" = "log"
+        "typeOfData"     = "awsALBConnectionLogs"
+      }
     }
-  ]
+  }
+
+  input_format  = "org.apache.hadoop.mapred.TextInputFormat"
+  output_format = "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat"
+  table_type    = "EXTERNAL_TABLE"
 }

main.tf

@@ -1,9 +1,9 @@
 resource "aws_athena_workgroup" "this" {
   name          = var.workgroup_name
-  force_destroy = true
+  force_destroy = local.force_destroy_value
 
   configuration {
-    publish_cloudwatch_metrics_enabled = false
+    publish_cloudwatch_metrics_enabled = local.publish_cloudwatch_metrics_enabled_value
 
     result_configuration {
       output_location = local.query_results_bucket_location
@@ -15,26 +15,27 @@ resource "aws_glue_catalog_database" "this" {
   name = var.database_name
 }
 
-resource "aws_glue_catalog_table" "this" {
-  name          = var.table_name
+resource "aws_glue_catalog_table" "alb_logs" {
+  for_each      = local.tables
+  name          = each.key
   database_name = aws_glue_catalog_database.this.name
   table_type    = local.table_type
-  parameters    = local.parameters
+  parameters    = each.value.parameters
 
   storage_descriptor {
-    location      = local.alb_logs_bucket_location
+    location      = each.value.location
     input_format  = local.input_format
     output_format = local.output_format
 
     ser_de_info {
-      name                  = local.ser_de_name
-      serialization_library = local.ser_de_library
+      name                  = each.value.ser_de_name
+      serialization_library = each.value.ser_de_serialization_library
 
-      parameters = local.ser_de_parameters
+      parameters = each.value.ser_de_params
     }
 
     dynamic "columns" {
-      for_each = local.table_columns
+      for_each = each.value.columns
       content {
         name = columns.value.name
         type = columns.value.type

variables.tf

@@ -13,17 +13,7 @@ variable "database_name" {
   type        = string
 }
 
-variable "table_name" {
-  description = "The name of the Athena table to query ALB logs."
-  type        = string
-}
-
 variable "s3_bucket_name" {
   description = "The name of the S3 bucket where ALB logs are stored."
   type        = string
 }
-
-variable "s3_log_prefix" {
-  description = "The prefix within the S3 bucket where ALB logs are stored (e.g., 'AWSLogs/')."
-  type        = string
-}