Fixing broken cloudwatch log permissions

Jocelyn Badgley (Twipped)
2021-03-02 16:20:35 -08:00
parent a73274d74c
commit 1cc9c88a3a
2 changed files with 20 additions and 4 deletions


@@ -33,11 +33,10 @@ EOF
# -----------------------------------------------------------------------------------------------------------
# IAM Role for Log Parsing Lambda
data "aws_iam_policy_document" "s3_bucket_readonly" {
data "aws_iam_policy_document" "s3_bucket_access" {
statement {
actions = [
"s3:Get*",
"s3:List*",
"s3:*",
]
resources = [
@@ -80,6 +79,7 @@ resource "aws_iam_role_policy_attachment" "ipixel_parser" {
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
resource "aws_iam_role_policy" "ipixel_parser_cloudwatch_log_group" {
name = "cloudwatch-log-group"
role = aws_iam_role.ipixel_parser.name
@@ -89,5 +89,5 @@ resource "aws_iam_role_policy" "ipixel_parser_cloudwatch_log_group" {
resource "aws_iam_role_policy" "lambda_s3_bucket_readonly" {
name = "s3-bucket-readonly"
role = aws_iam_role.ipixel_parser.name
policy = data.aws_iam_policy_document.s3_bucket_readonly.json
policy = data.aws_iam_policy_document.s3_bucket_access.json
}
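Review bot: The new action list in `s3_bucket_access` (first hunk) grants `s3:*`, which is much broader than the `s3:Get*`/`s3:List*` it replaces. On whatever the `resources` list covers (it continues outside the hunk), this allows object deletion and, if a bucket ARN is listed, changes to bucket policy, ACL and lifecycle. If the parser Lambda only needs to write results back, list the specific actions instead, for example `actions = ["s3:GetObject", "s3:ListBucket", "s3:PutObject"]`, adjusted to the calls the function actually makes. The inline policy in the last hunk is still `name = "s3-bucket-readonly"` under the label `lambda_s3_bucket_readonly`, which will mislead anyone auditing the role; rename it or add a comment such as `# NOTE: grants write access despite the legacy name`. The commit title mentions only CloudWatch log permissions, so the S3 widening should be called out in the description or split into its own commit.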