tf_aws_elasticsearch

General Question on CloudWatch logs

Open skadem07 opened this issue 4 years ago • 0 comments

I'm working on creating ES with log groups, but I have noticed that when using the AWS console, a CloudWatch resource policy is created by default.

But when creating through Terraform, there is no parameter to specify either using an existing policy or creating a new policy.

So I just defined my resource policy:

```hcl
# Policy document allowing the Elasticsearch service to write to CloudWatch Logs.
data "aws_iam_policy_document" "elasticsearch-log-publishing-policy" {
  statement {
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:PutLogEventsBatch",
    ]

    # Applies to every log group in the account.
    resources = ["arn:aws:logs:*"]

    principals {
      identifiers = ["es.amazonaws.com"]
      type        = "Service"
    }
  }
}

# Attaches the document above as a CloudWatch Logs resource policy.
resource "aws_cloudwatch_log_resource_policy" "elasticsearch-log-publishing-policy" {
  policy_document = "${data.aws_iam_policy_document.elasticsearch-log-publishing-policy.json}"
  policy_name     = "elasticsearch-log-publishing-policy"
}
```

But I am getting the error below:

```
11:58:07 * aws_cloudwatch_log_resource_policy.elasticsearch-log-publishing-policy: Writing CloudWatch log resource policy failed: LimitExceededException: Resource limit exceeded.
11:58:07 * aws_elasticsearch_domain.es2: 1 error(s) occurred:
```

Can someone please help me on how to proceed?

skadem07, Jan 10 '21 18:01
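
An added example, not part of the original issue or of the tf_aws_elasticsearch project: CloudWatch Logs allows at most 10 resource policies per account per Region, so before adding another it is worth counting the existing ones and checking whether one already grants `es.amazonaws.com` the publishing actions. The sketch audits the JSON shape returned by `aws logs describe-resource-policies`; the sample input, the policy names in it and the function names are constructed for illustration.

```python
import json

# CloudWatch Logs quota: resource policies per account per Region.
RESOURCE_POLICY_QUOTA = 10
NEEDED_ACTIONS = {"logs:CreateLogStream", "logs:PutLogEvents"}


def _as_list(value):
    """IAM JSON lets Action/Resource/Service be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_resource_policies(describe_output, service="es.amazonaws.com"):
    """Count policies and list those already usable by `service`."""
    policies = describe_output.get("resourcePolicies", [])
    reusable = []
    for policy in policies:
        doc = json.loads(policy["policyDocument"])  # stored as a JSON string
        for stmt in _as_list(doc.get("Statement")):
            principal = stmt.get("Principal")
            services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
            if stmt.get("Effect") != "Allow" or service not in services:
                continue
            if not NEEDED_ACTIONS <= set(_as_list(stmt.get("Action"))):
                continue
            resources = _as_list(stmt.get("Resource"))
            reusable.append({
                "policy_name": policy["policyName"],
                "resources": resources,
                # Wildcard scope covers every log group; worth narrowing.
                "broad": any(r in ("*", "arn:aws:logs:*") for r in resources),
            })
    return {"count": len(policies),
            "at_quota": len(policies) >= RESOURCE_POLICY_QUOTA,
            "reusable": reusable}


def _doc(service, resource):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": service},
        "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": resource}]})

# Constructed sample: nine unrelated policies plus one that serves Elasticsearch.
SAMPLE = {"resourcePolicies": [
    {"policyName": f"constructed-policy-{i}",
     "policyDocument": _doc("route53.amazonaws.com", "arn:aws:logs:*")}
    for i in range(9)
] + [{"policyName": "constructed-es-policy",
      "policyDocument": _doc("es.amazonaws.com", "arn:aws:logs:*")}]}

if __name__ == "__main__":
    print(json.dumps(audit_resource_policies(SAMPLE), indent=2))
```

When `at_quota` is true and `reusable` is non-empty, the existing policy already covers the domain and no new `aws_cloudwatch_log_resource_policy` is needed; a `broad` entry is a candidate for scoping down to the specific log group ARN.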