From 21b76d46317bd275bfe22465668ae04e3b738a44 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Fri, 24 Feb 2023 17:15:09 -0500
Subject: [PATCH] - flowlogs   - remove iam_role_arn for s3 log destinations to
 avoid this error:     Error: creating Flow Log (vpc-0f791ea1e2bb46924):
 InvalidParameter: DeliverLogsPermissionArn is not applicable for s3 delivery

---
 CHANGELOG.md      |  4 ++++
 common/version.tf |  2 +-
 flowlogs/main.tf  | 12 ++++++------
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cd87c4e..99d23ca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -256,3 +256,7 @@
 * 2.6.0 -- 2023-02-24
   - share-resources: new submodule
 
+* 2.6.1 -- 2023-02-24
+  - flowlogs
+    - remove iam_role_arn for s3 log destinations to avoid this error:
+      Error: creating Flow Log (vpc-0f791ea1e2bb46924): InvalidParameter: DeliverLogsPermissionArn is not applicable for s3 delivery
diff --git a/common/version.tf b/common/version.tf
index e83ace3..189778a 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
-  _module_version = "2.6.0"
+  _module_version = "2.6.1"
   _module_names = {
     "_main_" = "aws-vpc-setup"
 
diff --git a/flowlogs/main.tf b/flowlogs/main.tf
index 43fa25b..23c7a0b 100644
--- a/flowlogs/main.tf
+++ b/flowlogs/main.tf
@@ -66,9 +66,9 @@ resource "aws_flow_log" "flowlog_public" {
   for_each             = toset(local.public_ids)
   log_destination      = format("%v/%v-%v/", var.flowlog_bucket_arn, var.vpc_full_name, "public")
   log_destination_type = "s3"
-  iam_role_arn         = var.flowlog_role_arn
-  traffic_type         = "ALL"
-  subnet_id            = each.key
+  #  iam_role_arn         = var.flowlog_role_arn
+  traffic_type = "ALL"
+  subnet_id    = each.key
 
   tags = merge(
     local.base_tags,
@@ -81,9 +81,9 @@ resource "aws_flow_log" "flowlog_public" {
 resource "aws_flow_log" "flowlog" {
   log_destination      = format("%v/%v/", var.flowlog_bucket_arn, var.vpc_full_name)
   log_destination_type = "s3"
-  iam_role_arn         = var.flowlog_role_arn
-  traffic_type         = "ALL"
-  vpc_id               = var.vpc_id
+  #  iam_role_arn         = var.flowlog_role_arn
+  traffic_type = "ALL"
+  vpc_id       = var.vpc_id
 
   tags = merge(
     local.base_tags,