From 4e662aeafa5427a885b00948dc625b8ae55fc648 Mon Sep 17 00:00:00 2001
From: Kilian
Date: Sat, 23 Mar 2024 14:05:19 +0100
Subject: [PATCH 1/2] fix: Lambda not having access to it's log group

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 5f5ad33..50e2c8d 100644
--- a/main.tf
+++ b/main.tf
@@ -77,7 +77,7 @@ data "aws_iam_policy_document" "log" {
 "logs:PutLogEvents"
 ]
 
- resources = [aws_cloudwatch_log_group.main[0].arn]
+ resources = ["*"]
 }
 }
 
From ae8734f90ae1f84be39b7432bd663a379276c2ab Mon Sep 17 00:00:00 2001
From: Kilian
Date: Sat, 23 Mar 2024 14:12:24 +0100
Subject: [PATCH 2/2] enha: limited CloudWatch permission scope

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 50e2c8d..235d522 100644
--- a/main.tf
+++ b/main.tf
@@ -77,7 +77,7 @@ data "aws_iam_policy_document" "log" {
 "logs:PutLogEvents"
 ]
 
- resources = ["*"]
+ resources = [aws_cloudwatch_log_group.main[0].arn, "${aws_cloudwatch_log_group.main[0].arn}/*"]
 }
 }
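Review bot: `resources = ["*"]` in 1/2 grants `logs:PutLogEvents`, plus whatever other actions the statement lists above the hunk, on every log group in the account, and that state lands as its own commit. Since 2/2 narrows the scope again, squashing the two patches would keep the wildcard out of history. Otherwise a revert of 2/2, a bisect stop or a cherry-pick of 1/2 alone can bring the account-wide grant back.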
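Review bot: The second entry in 2/2, `"${aws_cloudwatch_log_group.main[0].arn}/*"`, probably does not match the log streams it is meant to cover. As far as I know, CloudWatch Logs stream ARNs have the form `<log-group-arn>:log-stream:<name>`, so a `/*` suffix instead matches other log groups whose names begin with this group's name followed by `/`, and `logs:PutLogEvents` on this group's own streams may still be denied (this depends on the AWS provider version, whose `arn` attribute may or may not already end in `:*`). Consider `resources = [aws_cloudwatch_log_group.main[0].arn, "${aws_cloudwatch_log_group.main[0].arn}:*"]`. The statement's action list starts above the hunk, so confirm each listed action against the resource type it is authorised on.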