Terraform Module to Provide a CloudWatch Logs Endpoint
This is just a continuation of the fix https://github.com/cloudposse/terraform-aws-cloudwatch-logs/pull/38. Prod environment tested. That's how it works correctly.
Fix mistake in policy
The policy is created simply by ARN without the ":" construct, which is necessary to create the correct policy for the role. Without this ":" construct, the policy is created, but it does not work correctly. This error was discovered when I tried to create a cloudwatch group in the cloudtrail module. I got the response "Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Access denied. Verify in IAM that the role has adequate permissions." After studying the code, I realized that I need to add the construction ":*" in a couple of lines. My solution looks like this, I need to replace the lines in file :
This line: join("", aws_cloudwatch_log_group.default..arn), replaced by "${join("", aws_cloudwatch_log_group.default..arn)}:*" You need to do this in both identical lines.
Perhaps you can suggest a better solution, I'm new to terraforming.
https://github.com/cloudposse/terraform-aws-cloudwatch-logs/issues/37 https://github.com/cloudposse/terraform-aws-cloudwatch-logs/blob/master/iam.tf#L55
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/iam-role/aws (source) | module | patch | 0.16.1 -> 0.16.2 |
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/iam-role/aws (source) | module | minor | 0.14.1 -> 0.15.0 |
v0.15.0
๐ Schedule: At any time (no schedule defined).
๐ฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.
โป Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
๐ Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/iam-role/aws (source) | module | patch | 0.14.0 -> 0.14.1 |
v0.14.1
๐ Schedule: At any time (no schedule defined).
๐ฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.
โป Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
๐ Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
This PR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cloudposse/iam-role/aws (source) | module | minor | 0.13.0 -> 0.14.0 |
v0.14.0
๐ Schedule: At any time (no schedule defined).
๐ฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.
โป Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
๐ Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
provider "aws" {
region = "us-east-2"
}
module "cloudwatch_logs" {
source = "github.com/cloudposse/terraform-aws-cloudwatch-logs?ref=allow-slash-log-group-names"
name = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
}
results in
# module.cloudwatch_logs.aws_cloudwatch_log_group.default[0] will be created
+ resource "aws_cloudwatch_log_group" "default" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
+ retention_in_days = 30
+ tags = {
+ "Name" = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
}
+ tags_all = {
+ "Name" = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
}
}
make github/init
.stream_arns
output.make github/init
updates GHA workflow-related files.make github/init
updates context.tf
to the latest distribution from null-label
, which now has new features such as the tenant
label.permissions_boundary
as a parametercloudposse/iam-role/aws
module to version 0.13.0
cloudposse/iam-role/aws
in moduleSigned-off-by: Manuel Morejon [email protected]