Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix mistake in policy #38

Merged
merged 2 commits into from
Mar 9, 2023
Merged

Fix mistake in policy #38

merged 2 commits into from
Mar 9, 2023

Conversation

ramses999
Copy link
Contributor

what

Fix mistake in policy

why

The policy is created simply by ARN without the ":" construct, which is necessary to create the correct policy for the role.
Without this ":" construct, the policy is created, but it does not work correctly.
This error was discovered when I tried to create a cloudwatch group in the cloudtrail module.
I got the response "Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Access denied. Verify in IAM that the role has adequate permissions."
After studying the code, I realized that I need to add the construction ":*" in a couple of lines.
My solution looks like this, I need to replace the lines in file :

This line:
join("", aws_cloudwatch_log_group.default..arn),
replaced by
"${join("", aws_cloudwatch_log_group.default..arn)}:*"
You need to do this in both identical lines.

Perhaps you can suggest a better solution, I'm new to terraforming.

references

#37
https://github.com/cloudposse/terraform-aws-cloudwatch-logs/blob/master/iam.tf#L55

@ramses999 ramses999 requested review from a team as code owners January 27, 2023 15:02
nitrocode
nitrocode previously approved these changes Mar 7, 2023
View reviewed changes
@nitrocode nitrocode dismissed their stale review March 7, 2023 14:21

dismiss until tests

@nitrocode
Copy link
Member

/test all

@ramses999
Copy link
Contributor Author

@nitrocode
Hello, "All checks have passed"

@nitrocode
Copy link
Member

@ramses999 have you verified that this change will fix the issue you're experiencing?

@ramses999
Copy link
Contributor Author

@nitrocode I've been using this fix in a production environment for a couple of months now. It is correct.

1 similar comment
@ramses999
Copy link
Contributor Author

@nitrocode I've been using this fix in a production environment for a couple of months now. It is correct.

@nitrocode nitrocode added the patch A minor, backward compatible change label Mar 9, 2023
@nitrocode nitrocode enabled auto-merge (squash) March 9, 2023 00:59
@nitrocode nitrocode merged commit c17b4b6 into cloudposse:master Mar 9, 2023
@ramses999 ramses999 mentioned this pull request Mar 17, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nitrocode nitrocode nitrocode approved these changes

@Gowiem Gowiem Awaiting requested review from Gowiem Gowiem was automatically assigned from cloudposse/contributors

@dotCipher dotCipher Awaiting requested review from dotCipher dotCipher was automatically assigned from cloudposse/contributors

Assignees
No one assigned
Labels
patch A minor, backward compatible change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ramses999 @nitrocode @cloudpossebot