From 5570fc7c12a15a1b90ce73bea7da78991579c10e Mon Sep 17 00:00:00 2001
From: badra001
Date: Wed, 24 Nov 2021 16:06:33 -0500
Subject: [PATCH] move policy to cloudtrail, fix

---
 cloudtrail/README.md     | 1 -
 cloudtrail/cloudtrail.tf | 4 ++--
 cloudtrail/cloudwatch.tf | 34 +++++++++++++++++-----------------
 3 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/cloudtrail/README.md b/cloudtrail/README.md
index d1a9a0d..2ddc7ca 100644
--- a/cloudtrail/README.md
+++ b/cloudtrail/README.md
@@ -86,7 +86,6 @@ No modules.
 | [aws_iam_policy_document.cloudtrail_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.cloudtrail_sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.cloudtrail_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
-| [aws_iam_policy_document.cloudwatch_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_kms_key.incoming_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [template_file.splunk_cloudtrail](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
diff --git a/cloudtrail/cloudtrail.tf b/cloudtrail/cloudtrail.tf
index a36774c..212bca7 100644
--- a/cloudtrail/cloudtrail.tf
+++ b/cloudtrail/cloudtrail.tf
@@ -60,13 +60,13 @@ data "aws_iam_policy_document" "cloudtrail_cloudwatch" {
     sid = "AWSCloudTrailCreateLogStream"
     effect = "Allow"
     actions = ["logs:CreateLogStream"]
-    resources = [local.cloudwatch_resources]
+    resources = [local.resources]
   }
 
   statement {
     sid = "AWSCloudTrailPutLogEvents"
     effect = "Allow"
     actions = ["logs:PutLogEvents"]
-    resources = [local.cloudwatch_resources]
+    resources = [local.resources]
   }
 }
diff --git a/cloudtrail/cloudwatch.tf b/cloudtrail/cloudwatch.tf
index 3b3c00c..cea791d 100644
--- a/cloudtrail/cloudwatch.tf
+++ b/cloudtrail/cloudwatch.tf
@@ -7,25 +7,8 @@ locals {
   resources = compact([local.cloudwatch_resources, local.org_cloudwatch_resources])
 }
 
-data "aws_iam_policy_document" "cloudwatch_policy" {
-  statement {
-    sid = "AWSCloudTrailCreateLogStream"
-    effect = "Allow"
-    actions = ["logs:CreateLogStream"]
-    resources = local.resources
-  }
-
-  statement {
-    sid = "AWSCloudTrailPutLogEvents"
-    effect = "Allow"
-    actions = ["logs:PutLogEvents"]
-    resources = local.resources
-  }
-}
-
 resource "aws_cloudwatch_log_group" "this" {
   name = local.name
-  # kms_key_id = var.kms_key_id
   kms_key_id = var.kms_key_arn
   # kms_key_id = data.aws_kms_key.incoming_key.id
 
@@ -37,3 +20,20 @@ resource "aws_cloudwatch_log_group" "this" {
     map("Name", local.name),
   )
 }
+
+## data "aws_iam_policy_document" "cloudwatch_policy" {
+##   statement {
+##     sid = "AWSCloudTrailCreateLogStream"
+##     effect = "Allow"
+##     actions = ["logs:CreateLogStream"]
+##     resources = local.resources
+##   }
+##
+##   statement {
+##     sid = "AWSCloudTrailPutLogEvents"
+##     effect = "Allow"
+##     actions = ["logs:PutLogEvents"]
+##     resources = local.resources
+##   }
+## }
+##
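Review bot: The two new `resources = [local.resources]` lines wrap a list inside a list: `local.resources` is already a list, defined in cloudwatch.tf as `compact([local.cloudwatch_resources, local.org_cloudwatch_resources])`, so the `resources` argument (a list of strings) receives a nested list, which Terraform 0.12+ rejects with a type error when the policy is rendered. The `cloudwatch_policy` data source removed in the same commit used the bare form, so both lines should read `resources = local.resources`. It is also worth confirming that `local.resources` cannot be empty after `compact()` — a statement with no resources is not a valid IAM policy — and guarding the statements if both log-group ARNs can be unset. The enclosing `cloudtrail_cloudwatch` data source and the opening of its first `statement` block lie before the hunk.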
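Review bot: The 17 `##`-prefixed lines appended at the end of cloudwatch.tf are a commented-out copy of the `cloudwatch_policy` data source that this same commit removes from the file and moves into cloudtrail.tf, so the file now carries dead code that will silently drift from the live definition. Git history already preserves the removed block; drop the `## …` lines and the trailing `+##`. The first hunk follows the same pattern in the log group — `# kms_key_id = var.kms_key_id` is removed while `# kms_key_id = data.aws_kms_key.incoming_key.id` stays — so a reader cannot tell which KMS key is intended to encrypt the CloudTrail log group; either add a comment explaining why `var.kms_key_arn` is used instead of the looked-up key, or remove the stale alternative as well.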