added wildcard to arn target
DrizzlyOwl committed Dec 14, 2022
1 parent 71317ee commit 9b99f7c
Showing 1 changed file with 15 additions and 19 deletions.
34 changes: 15 additions & 19 deletions main.tf
Expand Up @@ -16,40 +16,40 @@ data "aws_iam_policy_document" "bucket" {
effect = "Allow"

principals {
type = "Service"
type = "Service"
identifiers = ["cloudtrail.amazonaws.com"]
}

actions = ["s3:GetBucketAcl"]
actions = ["s3:GetBucketAcl"]
resources = ["arn:aws:s3:::${local.bucketname}"]
}

statement {
effect = "Allow"

principals {
type = "Service"
type = "Service"
identifiers = ["cloudtrail.amazonaws.com"]
}

actions = ["s3:PutObject"]
actions = ["s3:PutObject"]
resources = ["arn:aws:s3:::${local.bucketname}/*"]

condition {
test = "StringEquals"
test = "StringEquals"
variable = "s3:x-amz-acl"
values = ["bucket-owner-full-control"]
values = ["bucket-owner-full-control"]
}
}
}

data "aws_iam_policy_document" "assume_role" {
statement {
effect = "Allow"
sid = ""
sid = ""

principals {
type = "Service"
type = "Service"
identifiers = ["cloudtrail.amazonaws.com"]
}

Expand All @@ -59,15 +59,11 @@ data "aws_iam_policy_document" "assume_role" {

data "aws_iam_policy_document" "logs" {
statement {
effect = "Allow"
actions = ["logs:CreateLogStream"]
resources = [aws_cloudwatch_log_group.cloudtrail.arn]
}

statement {
effect = "Allow"
actions = ["logs:PutLogEvents"]
resources = [aws_cloudwatch_log_group.cloudtrail.arn]
effect = "Allow"
actions = ["logs:CreateLogStream", "logs:PutLogEvents"]
resources = [
"${aws_cloudwatch_log_group.cloudtrail.arn}:*"
]
}
}

Expand Down Expand Up @@ -112,8 +108,8 @@ resource "aws_iam_role" "cloudtrail_cloudwatch_logs_role" {
}

resource "aws_iam_policy" "cloudtrail_cloudwatch_logs_policy" {
name = "${var.namespace}-cloudtrail-cloudwatch-logs"
path = "/"
name = "${var.namespace}-cloudtrail-cloudwatch-logs"
path = "/"
policy = data.aws_iam_policy_document.logs.json
}

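Review bot: The bucket policy in the first hunk grants `cloudtrail.amazonaws.com` `s3:GetBucketAcl` and `s3:PutObject` on `${local.bucketname}` with no `aws:SourceArn` or `aws:SourceAccount` condition, so a trail in any other AWS account can be pointed at this bucket and deliver objects into it — the confused-deputy case that AWS's CloudTrail bucket-policy guidance warns about. The existing `s3:x-amz-acl` condition only governs who owns the delivered objects, not which account may deliver them. Add a second `condition` block to both statements, `variable = "aws:SourceAccount"` with `values` set to this account's ID, or the tighter `aws:SourceArn` set to the trail ARN if that does not create a dependency cycle between the trail and the bucket policy. The snippet below assumes the module declares (or gains) a `data "aws_caller_identity" "current"`; the enclosing `data "aws_iam_policy_document" "bucket"` block begins above line 16, outside the hunk.
```hcl
    # … unchanged: principals / actions / resources / s3:x-amz-acl condition …

    # Confused-deputy guard: only CloudTrail acting for this account may use the bucket.
    # Repeat this block in the s3:GetBucketAcl statement as well.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
```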
