Remove CreateLogGroup permission from service role #8
Commits on Jan 6, 2021
-
Remove CreateLogGroup permission from service role
This permission is not needed because we create the log group with Terraform so the VPC Flow Logs service doesn’t need to do it. On the other hand having this permission causes a bug where, on `terraform destroy` the log group will be destroyed, but then if there is still a few messages in a VPC Flow Logs queue the managed service will see that the log group does not exist and create it again using. You’ll then have the log group lingering after the tf destroy, which can cause trouble if you try to `terraform apply` again with the same name: the log group will be already existing and your apply will fail. Not having the permission prevents that as the managed service will not be able to recreate the log group after the tf destroy.
Commits on Apr 5, 2021
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.