diff --git a/.tool-versions b/.tool-versions
index 9abd826..7ac5094 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -5,7 +5,7 @@ nodejs 22.15.1
pre-commit 3.6.0
terraform 1.10.1
terraform-docs 0.19.0
-trivy 0.61.0
+trivy 0.69.2
vale 3.6.0
# python 3.13.2
diff --git a/infrastructure/terraform/modules/eventpub/README.md b/infrastructure/terraform/modules/eventpub/README.md
index 66d08ca..0fdf4ed 100644
--- a/infrastructure/terraform/modules/eventpub/README.md
+++ b/infrastructure/terraform/modules/eventpub/README.md
@@ -11,6 +11,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [access\_logging\_bucket](#input\_access\_logging\_bucket) | S3 Access logging bucket name. | `string` | `""` | no |
| [additional\_policies\_for\_event\_cache\_bucket](#input\_additional\_policies\_for\_event\_cache\_bucket) | A list of JSON policies to use to build the bucket policy | `list(string)` | `[]` | no |
| [aws\_account\_id](#input\_aws\_account\_id) | The AWS Account ID (numeric) | `string` | n/a | yes |
| [component](#input\_component) | The name of the terraformscaffold component calling this module | `string` | n/a | yes |
@@ -41,7 +42,7 @@
| Name | Source | Version |
|------|--------|---------|
-| [s3bucket\_event\_cache](#module\_s3bucket\_event\_cache) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.30/terraform-s3bucket.zip | n/a |
+| [s3bucket\_event\_cache](#module\_s3bucket\_event\_cache) | https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.3/terraform-s3bucket.zip | n/a |
## Outputs
| Name | Description |
diff --git a/infrastructure/terraform/modules/eventpub/module_s3bucket_event_cache.tf b/infrastructure/terraform/modules/eventpub/module_s3bucket_event_cache.tf
index e05761d..4124502 100644
--- a/infrastructure/terraform/modules/eventpub/module_s3bucket_event_cache.tf
+++ b/infrastructure/terraform/modules/eventpub/module_s3bucket_event_cache.tf
@@ -1,5 +1,5 @@
module "s3bucket_event_cache" {
- source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/v2.0.30/terraform-s3bucket.zip"
+ source = "https://github.com/NHSDigital/nhs-notify-shared-modules/releases/download/3.0.3/terraform-s3bucket.zip"
count = var.enable_event_cache ? 1 : 0
@@ -41,6 +41,11 @@ module "s3bucket_event_cache" {
var.additional_policies_for_event_cache_bucket
)
+ bucket_logging_target = {
+ bucket = "${var.access_logging_bucket}"
+ }
+
+
public_access = {
block_public_acls = true
block_public_policy = true
diff --git a/infrastructure/terraform/modules/eventpub/variables.tf b/infrastructure/terraform/modules/eventpub/variables.tf
index 7bdaa30..7dc7db0 100644
--- a/infrastructure/terraform/modules/eventpub/variables.tf
+++ b/infrastructure/terraform/modules/eventpub/variables.tf
@@ -153,3 +153,9 @@ variable "event_publishing_anomaly_band_width" {
description = "The width of the anomaly detection band. Higher values (e.g. 4-6) reduce sensitivity and noise, lower values (e.g. 2-3) increase sensitivity. Recommended: 2-4."
default = 5
}
+
+variable "access_logging_bucket" {
+ type = string
+ description = "S3 Access logging bucket name."
+ default = ""
+}