Commit

- flowlogs-transit-gateway
  - remove need for iam_role_arn (not needed for s3)
badra001 committed Jul 5, 2023
1 parent 3fe4f68 commit 4c50b68
Showing 3 changed files with 4 additions and 5 deletions.
2 changes: 1 addition & 1 deletion flowlogs-transit-gateway/README.md
Expand Up @@ -86,7 +86,7 @@ No modules.
| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
| <a name="input_enable_kinesis"></a> [enable\_kinesis](#input\_enable\_kinesis) | Flag to enable AWS Kinesis streams for flow logs | `bool` | `true` | no |
| <a name="input_flowlog_bucket_arn"></a> [flowlog\_bucket\_arn](#input\_flowlog\_bucket\_arn) | S3 Bucket to hold the VPC flowlogs | `string` | n/a | yes |
| <a name="input_flowlog_role_arn"></a> [flowlog\_role\_arn](#input\_flowlog\_role\_arn) | IAM Role with proper permissions to allow writing VPC flowlogs to cloudwatch logs and streamss | `string` | `null` | no |
| <a name="input_flowlog_role_arn"></a> [flowlog\_role\_arn](#input\_flowlog\_role\_arn) | IAM Role with proper permissions to allow writing VPC flowlogs to cloudwatch logs and streamss | `string` | n/a | yes |
| <a name="input_label"></a> [label](#input\_label) | Text label associated with the Transit Gateway | `string` | n/a | yes |
| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
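Review bot: The `flowlog_role_arn` row now documents the input as required with no default (`n/a` | `yes`), which contradicts the commit message saying the role is no longer needed for S3. A caller reading this table will conclude they must create and pass an IAM role that the S3 flow log does not use. Keep the row at `null` | `no`, or drop the row if the variable is removed, and update the description to say when the role applies, since it only mentions CloudWatch logs and streams (and carries the typo "streamss").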
6 changes: 3 additions & 3 deletions flowlogs-transit-gateway/main.tf
Expand Up @@ -55,9 +55,9 @@ locals {
}

resource "aws_flow_log" "flowlog_s3" {
log_destination = format("%v/%v/%v/", var.flowlog_bucket_arn, "tgw", var.label)
log_destination_type = "s3"
iam_role_arn = var.flowlog_role_arn
log_destination = format("%v/%v/%v/", var.flowlog_bucket_arn, "tgw", var.label)
log_destination_type = "s3"
# iam_role_arn = var.flowlog_role_arn
traffic_type = "ALL"
transit_gateway_id = var.transit_gateway_id
max_aggregation_interval = 60
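Review bot: The `# iam_role_arn = var.flowlog_role_arn` line in `aws_flow_log.flowlog_s3` is left behind as commented-out configuration, which gives the next reader no reason for its absence and invites someone to re-enable it. Delete the line and, if a note is wanted, replace it with a one-line comment stating that no role is passed when `log_destination_type = "s3"`. With the role gone, write access to `var.flowlog_bucket_arn` is the only control on where these logs land, so it is worth confirming in this PR that the bucket side is what authorizes delivery to the `tgw/<label>/` prefix.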
1 change: 0 additions & 1 deletion flowlogs-transit-gateway/variables.tf
Expand Up @@ -6,7 +6,6 @@ variable "flowlog_bucket_arn" {
variable "flowlog_role_arn" {
description = "IAM Role with proper permissions to allow writing VPC flowlogs to cloudwatch logs and streamss"
type = string
default = null
}

variable "transit_gateway_id" {
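Review bot: Removing `default = null` from `variable "flowlog_role_arn"` makes the input mandatory, so every caller must now supply a role ARN even though the same commit stops using it in `aws_flow_log.flowlog_s3`. That is the opposite of "remove need for iam_role_arn" and pushes users to provision an IAM role with no consumer visible in this change. Either keep `default = null` so the input stays optional, or remove the variable entirely if nothing else in the module reads it; the description typo "streamss" can be fixed in the same edit.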