ADD an S3 bucket (pds_nucleus_auth_alb_logs_bucket_logs) to enable lo…

…gging for pds_nucleus_auth_alb_logs bucket for additional audit trails as per SonarQube suggestions.

Refer to issue: #123

terraform/terraform-modules/cognito-auth/cognito-auth.tf

@@ -30,6 +30,50 @@ resource "aws_s3_bucket" "pds_nucleus_auth_alb_logs" {
   bucket = "pds-nucleus-auth-alb-logs"
 }
 
+resource "aws_s3_bucket_logging" "pds_nucleus_auth_alb_logs_bucket_logging" {
+  bucket = aws_s3_bucket.pds_nucleus_auth_alb_logs.id
+
+  target_bucket = aws_s3_bucket.pds_nucleus_auth_alb_logs.id
+  target_prefix = "auth-alb-logs-bucket-logs"
+}
+
+#  logging bucket for pds_nucleus_auth_alb_logs bucket
+resource "aws_s3_bucket" "pds_nucleus_auth_alb_logs_bucket_logs" {
+  bucket = "pds-nucleus-auth-alb-logs-bucket-logs"
+}
+
+data "aws_iam_policy_document" "pds_nucleus_auth_alb_logs_bucket_logs_bucket_policy" {
+  statement {
+    sid    = "s3-log-delivery"
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["logging.s3.amazonaws.com"]
+    }
+
+    actions = ["s3:PutObject"]
+
+    resources = [
+      "${aws_s3_bucket.pds_nucleus_auth_alb_logs_bucket_logs.arn}/*",
+    ]
+  }
+}
+
+resource "aws_s3_bucket_policy" "pds_nucleus_auth_alb_logs_bucket_logs_policy" {
+  bucket = aws_s3_bucket.pds_nucleus_auth_alb_logs_bucket_logs.id
+  policy = data.aws_iam_policy_document.pds_nucleus_auth_alb_logs_bucket_logs_bucket_policy.json
+}
+
+resource "aws_s3_bucket_public_access_block" "pds_nucleus_auth_alb_logs_public_access_block" {
+  bucket = aws_s3_bucket.pds_nucleus_auth_alb_logs.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
 data "aws_iam_policy_document" "pds_nucleus_auth_alb_logs_s3_bucket_policy" {
   statement {
     effect = "Allow"