feat(aws-iot-kinesisfirehose-s3): added custom loggingBucketProps (#480)

* added custom logging bucket props to kinesisfirehose-s3

* added custom logging bucket props to iot-kinesisfirehose-s3

* added log bucket condition in input validation

* Added logS3AccessLogs for enabling/disabling s3 logs

* added cfn suppress rule for no logging

* fix lint issue

* redeploy stack for cfn nag suppress changes

* added logS3AccessLogs flag for iot-kinesisfirehose-s3

* added s3BucketInterface to index and README

Author: mickychetta

source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/README.md

@@ -65,6 +65,8 @@ _Parameters_
 |existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object, providing both this and `bucketProps` will cause an error.|
 |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|User provided props to override the default props for the S3 Bucket. If this is provided, then also providing bucketProps is an error. |
 |logGroupProps?|[`logs.LogGroupProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroupProps.html)|User provided props to override the default props for for the CloudWatchLogs LogGroup.|
+|loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.|
+|logS3AccessLogs? | boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true|
 
 ## Pattern Properties
 
@@ -77,6 +79,7 @@ _Parameters_
 |iotActionsRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for IoT Rule|
 |kinesisFirehoseRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Kinesis Data Firehose delivery stream|
 |kinesisFirehoseLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for Kinesis Data Firehose delivery stream|
+|s3BucketInterface|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Returns an instance of s3.IBucket created by the construct|
 
 ## Default settings
 

source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/lib/index.ts

@@ -43,19 +43,32 @@ export interface IotToKinesisFirehoseToS3Props {
    *
    * @default - None
    */
-  readonly existingBucketObj?: s3.IBucket,
+  readonly existingBucketObj?: s3.IBucket;
   /**
    * User provided props to override the default props for the S3 Bucket.
    *
    * @default - Default props are used
    */
-  readonly bucketProps?: s3.BucketProps,
+  readonly bucketProps?: s3.BucketProps;
   /**
    * User provided props to override the default props for the CloudWatchLogs LogGroup.
    *
    * @default - Default props are used
    */
-  readonly logGroupProps?: logs.LogGroupProps
+  readonly logGroupProps?: logs.LogGroupProps;
+  /**
+   * Optional user provided props to override the default props for the S3 Logging Bucket.
+   *
+   * @default - Default props are used
+   */
+   readonly loggingBucketProps?: s3.BucketProps;
+  /**
+   * Whether to turn on Access Logs for the S3 bucket with the associated storage costs.
+   * Enabling Access Logging is a best practice.
+   *
+   * @default - true
+   */
+   readonly logS3AccessLogs?: boolean;
 }
 
 export class IotToKinesisFirehoseToS3 extends Construct {
@@ -66,6 +79,7 @@ export class IotToKinesisFirehoseToS3 extends Construct {
   public readonly s3Bucket?: s3.Bucket;
   public readonly s3LoggingBucket?: s3.Bucket;
   public readonly iotActionsRole: iam.Role;
+  public readonly s3BucketInterface: s3.IBucket;
 
   /**
    * @summary Constructs a new instance of the IotToKinesisFirehoseToS3 class.
@@ -79,18 +93,17 @@ export class IotToKinesisFirehoseToS3 extends Construct {
     super(scope, id);
     defaults.CheckProps(props);
 
-    if (props.existingBucketObj && props.bucketProps) {
-      throw new Error('Cannot specify both bucket properties and an existing bucket');
-    }
-
     const firehoseToS3 = new KinesisFirehoseToS3(this, 'KinesisFirehoseToS3', {
       kinesisFirehoseProps: props.kinesisFirehoseProps,
       existingBucketObj: props.existingBucketObj,
       bucketProps: props.bucketProps,
-      logGroupProps: props.logGroupProps
+      logGroupProps: props.logGroupProps,
+      loggingBucketProps: props.loggingBucketProps,
+      logS3AccessLogs: props.logS3AccessLogs
     });
     this.kinesisFirehose = firehoseToS3.kinesisFirehose;
     this.s3Bucket = firehoseToS3.s3Bucket;
+    this.s3BucketInterface = firehoseToS3.s3BucketInterface;
 
     // Setup the IAM Role for IoT Actions
     this.iotActionsRole = new iam.Role(this, 'IotActionsRole', {