always create receipt log groups

cds-snc · Apr 16, 2024 · 68d1be5 · 68d1be5
1 parent 7c3c352
commit 68d1be5
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 9 deletions.
diff --git a/aws/common/cloudwatch_log.tf b/aws/common/cloudwatch_log.tf
@@ -44,18 +44,17 @@ resource "aws_cloudwatch_log_group" "sns_deliveries_failures_us_west_2" {
   }
 }
 
-# We probably always want these log groups as well as the sns ones... Pinpoint / SNS will write to them regardless -\_(ツ)_/-
+# Pinpoint will log delivery receipts here, so it needs to be created
 resource "aws_cloudwatch_log_group" "pinpoint_deliveries" {
-  count             = var.cloudwatch_enabled ? 1 : 1
   name              = "sns/${var.region}/${var.account_id}/PinPointDirectPublishToPhoneNumber"
   retention_in_days = var.sensitive_log_retention_period_days
   tags = {
     CostCenter = "notification-canada-ca-${var.env}"
   }
 }
 
+# Pinpoint will log delivery receipts here, so it needs to be created
 resource "aws_cloudwatch_log_group" "pinpoint_deliveries_failures" {
-  count             = var.cloudwatch_enabled ? 1 : 1
   name              = "sns/${var.region}/${var.account_id}/PinPointDirectPublishToPhoneNumber/Failure"
   retention_in_days = var.sensitive_log_retention_period_days
   tags = {

diff --git a/aws/common/iam.tf b/aws/common/iam.tf
@@ -241,8 +241,8 @@ data "aws_iam_policy_document" "pinpoint_logs" {
       "logs:PutLogEvents"
     ]
     resources = [
-      "${aws_cloudwatch_log_group.pinpoint_deliveries[0].arn}:*",
-      "${aws_cloudwatch_log_group.pinpoint_deliveries_failures[0].arn}:*"
+      "${aws_cloudwatch_log_group.pinpoint_deliveries.arn}:*",
+      "${aws_cloudwatch_log_group.pinpoint_deliveries_failures.arn}:*"
     ]
   }
 }
diff --git a/aws/common/outputs.tf b/aws/common/outputs.tf
@@ -144,19 +144,19 @@ output "sns_deliveries_failures_us_west_2_name" {
 }
 
 output "pinpoint_deliveries_ca_central_arn" {
-  value = var.cloudwatch_enabled ? aws_cloudwatch_log_group.pinpoint_deliveries[0].arn : ""
+  value = var.cloudwatch_enabled ? aws_cloudwatch_log_group.pinpoint_deliveries.arn : ""
 }
 
 output "pinpoint_deliveries_ca_central_name" {
-  value = var.cloudwatch_enabled ? aws_cloudwatch_log_group.pinpoint_deliveries[0].name : ""
+  value = var.cloudwatch_enabled ? aws_cloudwatch_log_group.pinpoint_deliveries.name : ""
 }
 
 output "pinpoint_deliveries_failures_ca_central_arn" {
-  value = var.cloudwatch_enabled ? aws_cloudwatch_log_group.pinpoint_deliveries_failures[0].arn : ""
+  value = var.cloudwatch_enabled ? aws_cloudwatch_log_group.pinpoint_deliveries_failure.arn : ""
 }
 
 output "pinpoint_deliveries_failures_ca_central_name" {
-  value = var.cloudwatch_enabled ? aws_cloudwatch_log_group.pinpoint_deliveries_failures[0].name : ""
+  value = var.cloudwatch_enabled ? aws_cloudwatch_log_group.pinpoint_deliveries_failures.name : ""
 }
 
 output "sqs_notify_internal_tasks_arn" {