terraform-aws-eventbridge

CloudWatch target needs resource-based permission

Open breitsmiley opened this issue 1 year ago • 1 comments

Is your request related to a problem? Please describe.

When EventBridge has a CloudWatch target, it does not work at all without the following resource-based policy for the CloudWatch Group:

{
    "Statement": [
        {
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Effect": "Allow",
            "Principal": {
                "Service": ["events.amazonaws.com", "delivery.logs.amazonaws.com"]
            },
            "Resource": "arn:aws:logs:region:account:log-group:/aws/events/*:*",
            "Sid": "TrustEventsToStoreLogEvent"
        }
    ],
    "Version": "2012-10-17"
}  

The policy above is automatically created when adding an EventBridge target via the AWS Management Console. Should we add creation of this policy by the terraform-aws-eventbridge module?

Describe the solution you'd like.

Add creation of the needed policy by using the aws_cloudwatch_log_resource_policy resource in the module.

Describe alternatives you've considered.

Managing it separately outside of the module.

breitsmiley Jul 26 '22 14:07
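
The request above, written out as an added example with plain AWS provider resources (not code from the issue or from the terraform-aws-eventbridge module). The resource names, the log group path, the policy name and the event pattern are placeholders; the statement keeps the issue's actions and principals but narrows `Resource` from `/aws/events/*` to a single log group.

```hcl
# Added example: names, the log group path and the event pattern are placeholders.
resource "aws_cloudwatch_log_group" "events" {
  name              = "/aws/events/example"
  retention_in_days = 30
}

# Same actions and principals as the policy in the issue, but scoped to the
# one log group instead of every group under /aws/events/.
data "aws_iam_policy_document" "events_to_logs" {
  statement {
    sid     = "TrustEventsToStoreLogEvent"
    effect  = "Allow"
    actions = ["logs:CreateLogStream", "logs:PutLogEvents"]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com", "delivery.logs.amazonaws.com"]
    }

    # The ":*" suffix covers the log streams inside the group.
    resources = ["${aws_cloudwatch_log_group.events.arn}:*"]
  }
}

# Resource-based policy on CloudWatch Logs; without it the target delivers nothing.
resource "aws_cloudwatch_log_resource_policy" "events_to_logs" {
  policy_name     = "events-to-logs-example"
  policy_document = data.aws_iam_policy_document.events_to_logs.json
}

resource "aws_cloudwatch_event_rule" "example" {
  name          = "example-rule"
  event_pattern = jsonencode({ source = ["aws.ec2"] })
}

resource "aws_cloudwatch_event_target" "logs" {
  rule = aws_cloudwatch_event_rule.example.name
  arn  = aws_cloudwatch_log_group.events.arn

  # Create the policy first so delivery is authorized as soon as the target exists.
  depends_on = [aws_cloudwatch_log_resource_policy.events_to_logs]
}
```

CloudWatch Logs limits how many resource policies an account can hold per Region, so an account with many EventBridge log targets may need one policy that lists several log group ARNs rather than one policy per group.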

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] Aug 26 '22 00:08

This issue was automatically closed because of stale in 10 days

github-actions[bot] Sep 06 '22 00:09

I would like this feature. Took me a while to trace this down... Based on the module interface, I expected the CloudWatch log target to work.

clalexander Jan 13 '23 18:01

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] Mar 09 '24 02:03