File tree Expand file tree Collapse file tree 1 file changed +7
-6
lines changed
modules/integrations/cloud-logs Expand file tree Collapse file tree 1 file changed +7
-6
lines changed Original file line number Diff line number Diff line change @@ -27,7 +27,6 @@ data "sysdig_secure_tenant_external_id" "external_id" {}
2727locals {
2828 account_id_hash = substr (md5 (data. aws_caller_identity . current . account_id ), 0 , 4 )
2929 role_name = " ${ var . name } -${ random_id . suffix . hex } -${ local . account_id_hash } "
30-
3130 bucket_arn = regex (" ^([^/]+)" . folder_arn )[0 ]
3231}
3332
@@ -43,12 +42,14 @@ resource "random_id" "suffix" {
4342resource "aws_iam_role" "cloudlogs_s3_access" {
4443 name = . role_name
4544 tags = . tags
46-
4745 assume_role_policy = . aws_iam_policy_document . assume_cloudlogs_s3_access_role . json
48- inline_policy {
49- name = " cloudlogs_s3_access_policy"
50- policy = . aws_iam_policy_document . cloudlogs_s3_access . json
51- }
46+ }
47+
48+ // AWS IAM Role Policy that will be used by CloudIngestion to access the CloudTrail-associated s3 bucket
49+ resource "aws_iam_role_policy" "cloudlogs_s3_access_policy" {
50+ name = " cloudlogs_s3_access_policy"
51+ role = . cloudlogs_s3_access . name
52+ policy = . aws_iam_policy_document . cloudlogs_s3_access . json
5253}
5354
5455# IAM Policy Document used for the assume role policy
You can’t perform that action at this time.
0 commit comments