1.6.10: flowlog, fix arn on s3 flowlog

terraform-modules · Feb 24, 2023 · 5f8f70e · 5f8f70e
1 parent 7b4ef52
commit 5f8f70e
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -140,3 +140,8 @@
 * 1.6.9 -- 2022-09-13
   - subnet
     - add arn to output
+
+* 1.6.10 -- 2023-02-24
+  - flowlogs
+    - remove iam_role_arn for s3 log destinations to avoid this error:
+      Error: creating Flow Log (vpc-0f791ea1e2bb46924): InvalidParameter: DeliverLogsPermissionArn is not applicable for s3 delivery
diff --git a/common/version.tf b/common/version.tf
@@ -1,5 +1,5 @@
 locals {
-  _module_version = "1.6.9"
+  _module_version = "1.6.10"
   _module_names = {
     "_main_" = "aws-vpc-setup"
 

diff --git a/flowlogs/main.tf b/flowlogs/main.tf
@@ -66,9 +66,9 @@ resource "aws_flow_log" "flowlog_public" {
   for_each             = toset(local.public_ids)
   log_destination      = format("%v/%v-%v/", var.flowlog_bucket_arn, var.vpc_full_name, "public")
   log_destination_type = "s3"
-  iam_role_arn         = var.flowlog_role_arn
-  traffic_type         = "ALL"
-  subnet_id            = each.key
+  #  iam_role_arn         = var.flowlog_role_arn
+  traffic_type = "ALL"
+  subnet_id    = each.key
 
   tags = merge(
     local.base_tags,
@@ -81,9 +81,9 @@ resource "aws_flow_log" "flowlog_public" {
 resource "aws_flow_log" "flowlog" {
   log_destination      = format("%v/%v/", var.flowlog_bucket_arn, var.vpc_full_name)
   log_destination_type = "s3"
-  iam_role_arn         = var.flowlog_role_arn
-  traffic_type         = "ALL"
-  vpc_id               = var.vpc_id
+  #  iam_role_arn         = var.flowlog_role_arn
+  traffic_type = "ALL"
+  vpc_id       = var.vpc_id
 
   tags = merge(
     local.base_tags,