move policy to cloudtrail, fix

terraform-modules · Nov 24, 2021 · 5570fc7 · 5570fc7
1 parent 71ae191
commit 5570fc7
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 20 deletions.
diff --git a/cloudtrail/README.md b/cloudtrail/README.md
@@ -86,7 +86,6 @@ No modules.
 | [aws_iam_policy_document.cloudtrail_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.cloudtrail_sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.cloudtrail_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.cloudwatch_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_kms_key.incoming_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [template_file.splunk_cloudtrail](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |

diff --git a/cloudtrail/cloudtrail.tf b/cloudtrail/cloudtrail.tf
@@ -60,13 +60,13 @@ data "aws_iam_policy_document" "cloudtrail_cloudwatch" {
     sid       = "AWSCloudTrailCreateLogStream"
     effect    = "Allow"
     actions   = ["logs:CreateLogStream"]
-    resources = [local.cloudwatch_resources]
+    resources = [local.resources]
   }
   statement {
     sid       = "AWSCloudTrailPutLogEvents"
     effect    = "Allow"
     actions   = ["logs:PutLogEvents"]
-    resources = [local.cloudwatch_resources]
+    resources = [local.resources]
   }
 }
 

diff --git a/cloudtrail/cloudwatch.tf b/cloudtrail/cloudwatch.tf
@@ -7,25 +7,8 @@ locals {
   resources                = compact([local.cloudwatch_resources, local.org_cloudwatch_resources])
 }
 
-data "aws_iam_policy_document" "cloudwatch_policy" {
-  statement {
-    sid       = "AWSCloudTrailCreateLogStream"
-    effect    = "Allow"
-    actions   = ["logs:CreateLogStream"]
-    resources = local.resources
-  }
-
-  statement {
-    sid       = "AWSCloudTrailPutLogEvents"
-    effect    = "Allow"
-    actions   = ["logs:PutLogEvents"]
-    resources = local.resources
-  }
-}
-
 resource "aws_cloudwatch_log_group" "this" {
   name = local.name
-
   #  kms_key_id        = var.kms_key_id
   kms_key_id = var.kms_key_arn
   # kms_key_id        = data.aws_kms_key.incoming_key.id
@@ -37,3 +20,20 @@ resource "aws_cloudwatch_log_group" "this" {
     map("Name", local.name),
   )
 }
+
+## data "aws_iam_policy_document" "cloudwatch_policy" {
+##   statement {
+##     sid       = "AWSCloudTrailCreateLogStream"
+##     effect    = "Allow"
+##     actions   = ["logs:CreateLogStream"]
+##     resources = local.resources
+##   }
+## 
+##   statement {
+##     sid       = "AWSCloudTrailPutLogEvents"
+##     effect    = "Allow"
+##     actions   = ["logs:PutLogEvents"]
+##     resources = local.resources
+##   }
+## }
+##