
fix flowlogs policy
chandra authored and chandra committed Nov 11, 2024
1 parent 97ac7ac commit 9d90aa2
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion examples/simple/main.tf
Expand Up @@ -40,7 +40,7 @@ module "network" {
name = "arc-poc"
create_internet_geteway = true
enable_vpc_flow_log_to_cloudwatch = true
enable_vpc_flow_log_to_s3 = true
enable_vpc_flow_log_to_s3 = false

availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
cidr_block = "10.0.0.0/16"
3 changes: 2 additions & 1 deletion main.tf
Expand Up @@ -222,7 +222,8 @@ data "aws_iam_policy_document" "flow_logs_policy" {
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
]
resources = local.enable_vpc_flow_log_to_cloudwatch && length(aws_cloudwatch_log_group.this) > 0 ? [aws_cloudwatch_log_group.this[0].arn] : ["*"]
resources = local.enable_vpc_flow_log_to_cloudwatch && length(aws_cloudwatch_log_group.this) > 0 ? [aws_cloudwatch_log_group.this[0].arn, "${aws_cloudwatch_log_group.this[0].arn}:*"] : ["*"]

}
}
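Review bot: The `["*"]` fallback on the new `resources` line is kept, so whenever the CloudWatch log group is not created this statement still allows its log actions on every log group rather than on one. If the policy document is attached to the flow-log role in that case (not visible here), that is broader than flow-log delivery needs; if it is never attached, the fallback is dead code that hides the intent. Consider emitting the statement only when the log group exists, for example as a `dynamic "statement"` with `for_each = aws_cloudwatch_log_group.this` and `resources = [statement.value.arn, "${statement.value.arn}:*"]`. The statement's opening and the start of its action list lie outside the hunk, so the full set of actions affected should be checked against the file.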

