
Disables Logging in Classic HEC; Adds Notes

To be tagged v3.5.5
Fred Damstra [afs macbook] 3 years ago
parent
commit
5cdd4a9af1

+ 14 - 4
base/splunk_servers/indexer_cluster/elb-with-acks.tf

@@ -2,6 +2,14 @@
 # An external ELB for the indexers for HEC, because acknowledgements
 #------------------------------------------------------------------------------
 
+#### NOTE:
+####  Firehose/Kinesis requires a Classic ELB. An ALB is not supported.
+####  See "Data Not Delivered to Splunk" at https://docs.aws.amazon.com/firehose/latest/dev/troubleshooting.html
+####
+####  "If you use an AWS load balancer, make sure that it is a Classic Load Balancer. Kinesis Data Firehose does
+####   not support Application Load Balancers or Network Load Balancers."
+
+
 #########################
 # DNS Entry
 module "public_dns_record_hec_ack" {
@@ -88,10 +96,12 @@ resource "aws_elb" "hec_classiclb" {
     interval            = 30
   }
 
-  access_logs {
-    bucket  = "xdr-elb-${ var.environment }"
-    enabled = true
-  }
+  # Access logs are a feedback loop. They create logs that are then sent back through the HEC.
+  # They should remain disabled.
+  #access_logs {
+  #  bucket  = "xdr-elb-${ var.environment }"
+  #  enabled = true
+  #}
 }
 
 # AWS Firehose / Splunk requirement for ELB cookies to have
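Review bot: Commenting out `access_logs` on `aws_elb.hec_classiclb` leaves the external HEC load balancer with no per-request record (client address, request, status), which is what an investigator would need when looking into misuse of a public ingestion endpoint; the same block is added commented-out on `aws_lb.hec` in elb-without-ack.tf. The loop described in the new comment presumably arises because the contents of the `xdr-elb-…` bucket are forwarded to Splunk through this same HEC, which is not visible in the hunk. If so, it can be broken on the ingestion side, by excluding this load balancer's log prefix or ingesting it over a path that does not traverse the ELB, while the logs still land in S3. If the logs must stay off, a live block with `enabled = false` is preferable to commented-out code because the setting stays part of the managed configuration, and the comment should record the cost, e.g. `# Trade-off: no request-level audit trail for this public endpoint while access logs are off.` The resource body starts above the hunk.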

+ 7 - 0
base/splunk_servers/indexer_cluster/elb-without-ack.tf

@@ -63,6 +63,13 @@ resource "aws_lb" "hec" {
   security_groups    = [ aws_security_group.hec_elb_security_group.id ]
   subnets            = var.public_subnets
   internal           = false
+
+  # Access logs are a feedback loop. They create logs that are then sent back through the HEC.
+  # They should remain disabled.
+  #access_logs {
+  #  bucket  = "xdr-elb-${ var.environment }"
+  #  enabled = true
+  #}
 }
 
 resource "aws_lb_listener" "hec_443" {