Fixing broken cloudwatch log permissions

Jocelyn Badgley (Twipped)
2021-03-02 16:20:35 -08:00
parent a73274d74c
commit 1cc9c88a3a
2 changed files with 20 additions and 4 deletions


@@ -30,9 +30,25 @@ resource "aws_s3_bucket_object" "ipixel" {
content_type = "image/gif"
}
data "aws_canonical_user_id" "current" {}
resource "aws_s3_bucket" "ipixel_logs" {
bucket = "${var.site}-analytics"
grant {
id = data.aws_canonical_user_id.current.id
permissions = ["FULL_CONTROL"]
type = "CanonicalUser"
}
grant {
# Grant CloudFront awslogsdelivery logs access to your Amazon S3 Bucket
# https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html#AccessLogsBucketAndFileOwnership
id = "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0"
permissions = ["FULL_CONTROL"]
type = "CanonicalUser"
}
lifecycle_rule {
id = "logfiles"
enabled = true