fix: Fixed permissions for fluentbit (#155)
vara-bonthu authored May 16, 2023
1 parent ed2474e commit 189e3e1
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions main.tf
Expand Up @@ -494,14 +494,15 @@ module "aws_efs_csi_driver" {
################################################################################

locals {
aws_for_fluentbit_service_account = try(var.aws_for_fluentbit.service_account_name, "aws-for-fluent-bit-sa")
aws_for_fluentbit_service_account = try(var.aws_for_fluentbit.service_account_name, "aws-for-fluent-bit-sa")
aws_for_fluentbit_cw_log_group_name = try(var.aws_for_fluentbit_cw_log_group.create, true) ? try(var.aws_for_fluentbit_cw_log_group.name, "/${var.cluster_name}/aws-fluentbit-logs") : null
}

resource "aws_cloudwatch_log_group" "aws_for_fluentbit" {
count = try(var.aws_for_fluentbit_cw_log_group.create, true) && var.enable_aws_for_fluentbit ? 1 : 0

name = try(var.aws_for_fluentbit_cw_log_group.name, null)
name_prefix = try(var.aws_for_fluentbit_cw_log_group.name_prefix, "/${var.cluster_name}/aws-fluentbit-logs")
name = try(var.aws_for_fluentbit_cw_log_group.use_name_prefix, true) ? null : local.aws_for_fluentbit_cw_log_group_name
name_prefix = try(var.aws_for_fluentbit_cw_log_group.use_name_prefix, true) ? try(var.aws_for_fluentbit_cw_log_group.name_prefix, "${local.aws_for_fluentbit_cw_log_group_name}-") : null
retention_in_days = try(var.aws_for_fluentbit_cw_log_group.retention, 90)
kms_key_id = try(var.aws_for_fluentbit_cw_log_group.kms_key_arn, null)
skip_destroy = try(var.aws_for_fluentbit_cw_log_group.skip_destroy, false)
Expand All @@ -515,7 +516,7 @@ data "aws_iam_policy_document" "aws_for_fluentbit" {
sid = "PutLogEvents"
effect = "Allow"
resources = [
"arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}:log-stream:*",
"arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "")}*:log-stream:*",
]

actions = [
Expand All @@ -527,7 +528,7 @@ data "aws_iam_policy_document" "aws_for_fluentbit" {
sid = "CreateCWLogs"
effect = "Allow"
resources = [
"arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}",
"arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "")}*",
]

actions = [
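Review bot: In the `PutLogEvents` and `CreateCWLogs` statements the fallback `try(var.aws_for_fluentbit_cw_log_group.name, "")` followed by `*` still resolves to `log-group:*` when no name is passed, so by default the Fluent Bit role is granted these actions on every log group in the account and region rather than only on the group this module creates. The locals block already computes the default path, so the fallback could be that path instead of the empty string, e.g. `log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "/${var.cluster_name}/aws-fluentbit-logs")}*`. A caller who sets `name_prefix` without `name` would then need the pattern built from `name_prefix`, so it is probably cleanest to derive one local from whichever of the two is in effect and use it in both the resource and the policy. The trailing `*` also matches any sibling log group that shares the prefix; a short comment stating that this is deliberate (to cover the generated suffix) would help the next reader. Both statements' action lists fall outside the visible hunks, so the exact exposure depends on what they contain.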
