- flowlogs

- remove iam_role_arn for s3 log destinations to avoid this error: Error: creating Flow Log (vpc-0f791ea1e2bb46924): InvalidParameter: DeliverLogsPermissionArn is not applicable for s3 delivery
terraform-modules · Feb 24, 2023 · 21b76d4 · 21b76d4
1 parent d763a38
commit 21b76d4
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -256,3 +256,7 @@
 * 2.6.0 -- 2023-02-24
   - share-resources: new submodule
 
+* 2.6.1 -- 2023-02-24
+  - flowlogs
+    - remove iam_role_arn for s3 log destinations to avoid this error:
+      Error: creating Flow Log (vpc-0f791ea1e2bb46924): InvalidParameter: DeliverLogsPermissionArn is not applicable for s3 delivery
diff --git a/common/version.tf b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
-  _module_version = "2.6.0"
+  _module_version = "2.6.1"
   _module_names = {
     "_main_" = "aws-vpc-setup"
 

diff --git a/flowlogs/main.tf b/flowlogs/main.tf
@@ -66,9 +66,9 @@ resource "aws_flow_log" "flowlog_public" {
   for_each             = toset(local.public_ids)
   log_destination      = format("%v/%v-%v/", var.flowlog_bucket_arn, var.vpc_full_name, "public")
   log_destination_type = "s3"
-  iam_role_arn         = var.flowlog_role_arn
-  traffic_type         = "ALL"
-  subnet_id            = each.key
+  #  iam_role_arn         = var.flowlog_role_arn
+  traffic_type = "ALL"
+  subnet_id    = each.key
 
   tags = merge(
     local.base_tags,
@@ -81,9 +81,9 @@ resource "aws_flow_log" "flowlog_public" {
 resource "aws_flow_log" "flowlog" {
   log_destination      = format("%v/%v/", var.flowlog_bucket_arn, var.vpc_full_name)
   log_destination_type = "s3"
-  iam_role_arn         = var.flowlog_role_arn
-  traffic_type         = "ALL"
-  vpc_id               = var.vpc_id
+  #  iam_role_arn         = var.flowlog_role_arn
+  traffic_type = "ALL"
+  vpc_id       = var.vpc_id
 
   tags = merge(
     local.base_tags,