Terraform Aws Cloudwatch Logs Versions Save

Terraform Module to Provide a CloudWatch Logs Endpoint

v0.6.8

9 months ago

🚀 Enhancements

Fix mistake in policy. Part2 @ramses999 (#39)

what

This is just a continuation of the fix https://github.com/cloudposse/terraform-aws-cloudwatch-logs/pull/38. Prod environment tested. That's how it works correctly.

0.6.7

1 year ago

🚀 Enhancements

Fix mistake in policy @ramses999 (#38)

what

Fix mistake in policy

why

The policy is created simply by ARN without the ":" construct, which is necessary to create the correct policy for the role. Without this ":" construct, the policy is created, but it does not work correctly. This error was discovered when I tried to create a cloudwatch group in the cloudtrail module. I got the response "Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Access denied. Verify in IAM that the role has adequate permissions." After studying the code, I realized that I need to add the construction ":*" in a couple of lines. My solution looks like this, I need to replace the lines in file :

This line: join("", aws_cloudwatch_log_group.default..arn), replaced by "${join("", aws_cloudwatch_log_group.default..arn)}:*" You need to do this in both identical lines.

Perhaps you can suggest a better solution, I'm new to terraforming.

references

https://github.com/cloudposse/terraform-aws-cloudwatch-logs/issues/37 https://github.com/cloudposse/terraform-aws-cloudwatch-logs/blob/master/iam.tf#L55

0.6.6

1 year ago

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.16.2 @renovate (#33)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-role/aws (source)	module	patch	`0.16.1` -> `0.16.2`

0.6.5

2 years ago

🚀 Enhancements

Add policy boundary and enable_tags for iam resouces @jamengual (#32)

what

Add policy boundary to cloudwatch IAM resources
Updating to new tags_enabled variable from I am role module

why

to pass policy_boundary and to add the ability to disable tags for IAM resources

references

https://github.com/cloudposse/terraform-aws-iam-role/pull/44

0.6.4

2 years ago

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.15.0 @renovate (#29)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-role/aws (source)	module	minor	`0.14.1` -> `0.15.0`

Release Notes

cloudposse/terraform-aws-iam-role

`v0.15.0`

Compare Source

allow to set role and policy path @1david5 (#40)

#### what * Add `path` argument to role and policy resources #### why * Allow users to set path for role and policy

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

0.6.3

2 years ago

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.14.1 @renovate (#28)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-role/aws (source)	module	patch	`0.14.0` -> `0.14.1`

Release Notes

cloudposse/terraform-aws-iam-role

`v0.14.1`

Compare Source

Fix: Fix Variable Description Typo for `var.use_fullname` @korenyoni (#36)

#### what * Fix variable description typo introduced in #35 for `var.use_fullname` #### why * Minor typo (unmatched right bracket). #### references * #35

Drop unused null provider @Xerkus (#34)

#### what * Drop `hashicorp/null` provider from dependencies #### why * As far as I can tell the null provider is not used and I do not think it is needed for any kind of indirect dependency * I think it was needed at some point for terraform-null-label #### references * Closes #31

Fix: fix variable description for `var.use_fullname`, run `make github/init` @korenyoni (#35)

#### what - Fix variable description for `var.use_fullname`. - Run `make github/init`. #### why - The `var.use_fullname` variable description is incorrect and refers to ECR repositories instead of IAM roles. - Running `make github/init` will update GHA-workflow related files (and CODEOWNERS), the former of which is required for the `no-release` label (which allows for consolidating multiple small PRs such as this into one release). #### references * N/A

#### 🚀 Enhancements

Add tags to policy @nitrocode (#37)

#### what * Add tags to policy #### why * Tag it all #### references N/A

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

0.6.2

2 years ago

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.14.0 @renovate (#27)

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-role/aws (source)	module	minor	`0.13.0` -> `0.14.0`

Release Notes

cloudposse/terraform-aws-iam-role

`v0.14.0`

Compare Source

Add assume role policy conditions and managed iam policies @sebastianmacarescu (#33)

#### what * option to attach AWS Managed IAM policies to created role * option to add conditions to trust policy #### why * we should be able to use aws managed policies (or any other policies) and not create new ones dedicated for this role * we should be able to add conditions on who can assume this role (mfa enabled, be part of organization, specific session name, etc) #### references * closes #24 * documentation for conditions: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document * documentation for conditions in trust role policies: https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

0.6.1

2 years ago

Docs: Fix usage snippet (missing source attribute) @korenyoni (#25)

what

Fix usage snippet (missing source attribute)
Fix module block name in usage snippet (does not match module name)

why

The usage snippet is incorrect (missing source attribute and does not match module name)

references

🚀 Enhancements

Allow slash in log group names @nitrocode (#26)

what

Custom label for cloudwatch log group name

why

Allow slash in log group names

references

https://sweetops.slack.com/archives/CB6GHNLG0/p1636985722167300

test

provider "aws" {
  region = "us-east-2"
}

module "cloudwatch_logs" {
  source = "github.com/cloudposse/terraform-aws-cloudwatch-logs?ref=allow-slash-log-group-names"

  name = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
}

results in

  # module.cloudwatch_logs.aws_cloudwatch_log_group.default[0] will be created
  + resource "aws_cloudwatch_log_group" "default" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
      + retention_in_days = 30
      + tags              = {
          + "Name" = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
        }
      + tags_all          = {
          + "Name" = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
        }
    }

0.6.0

2 years ago

🚀 Enhancements

Feat: Make IAM Role Optional @korenyoni (#24)

what

Make IAM role conditional on feature flag.
Run make github/init.
Fix unintentional nested array in stream_arns output.
Fix usage snippet such that it conforms with other modules.

why

Not all CloudWatch Logs log group use cases require an IAM role meant for assumption by an EC2 instance. The IAM role should be conditional.
Running make github/init updates GHA workflow-related files.
Running make github/init updates context.tf to the latest distribution from null-label, which now has new features such as the tenant label.

references

https://github.com/cloudposse/terraform-null-label/releases/tag/0.25.0

0.5.0

2 years ago

Add permissions_boundary as a variable @mmorejon (#23)

what

Add permissions_boundary as a parameter
Upgrade cloudposse/iam-role/aws module to version 0.13.0

why

This parameter is missing in the module as an option.

references

PR cloudposse/iam-role/aws in module

Signed-off-by: Manuel Morejon [email protected]