From a82faa238071f022e922ba0b70117209f93da326 Mon Sep 17 00:00:00 2001
From: Drew Dresser <adresser@flagshippioneering.com>
Date: Tue, 1 Nov 2022 09:29:28 -0400
Subject: [PATCH 1/2] Add logs:TagLogGroup permission to the log group role
 used by the custom resource to create log groups

---
 src/deployments/cdk/src/deployments/iam/log-group-role.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/deployments/cdk/src/deployments/iam/log-group-role.ts b/src/deployments/cdk/src/deployments/iam/log-group-role.ts
index faf67209a..94c51cbf0 100644
--- a/src/deployments/cdk/src/deployments/iam/log-group-role.ts
+++ b/src/deployments/cdk/src/deployments/iam/log-group-role.ts
@@ -46,6 +46,7 @@ async function createRole(stack: AccountStack) {
         'logs:DeleteRetentionPolicy',
         'logs:DescribeLogGroups',
         'logs:AssociateKmsKey',
+        'logs:TagLogGroup'
       ],
       resources: ['*'],
     }),

From eb8d7c97d92400349de582e445c630b62c841fa2 Mon Sep 17 00:00:00 2001
From: Drew Dresser <andrewjdresser@gmail.com>
Date: Tue, 1 Nov 2022 10:22:11 -0400
Subject: [PATCH 2/2] Add trailing comma

---
 src/deployments/cdk/src/deployments/iam/log-group-role.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/deployments/cdk/src/deployments/iam/log-group-role.ts b/src/deployments/cdk/src/deployments/iam/log-group-role.ts
index 94c51cbf0..1d28147d7 100644
--- a/src/deployments/cdk/src/deployments/iam/log-group-role.ts
+++ b/src/deployments/cdk/src/deployments/iam/log-group-role.ts
@@ -46,7 +46,7 @@ async function createRole(stack: AccountStack) {
         'logs:DeleteRetentionPolicy',
         'logs:DescribeLogGroups',
         'logs:AssociateKmsKey',
-        'logs:TagLogGroup'
+        'logs:TagLogGroup',
       ],
       resources: ['*'],
     }),