Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Fixed permissions for fluentbit #155

Merged
merged 2 commits into from
May 16, 2023
Merged

fix: Fixed permissions for fluentbit #155

merged 2 commits into from
May 16, 2023

Conversation

vara-bonthu
Copy link
Contributor

@vara-bonthu vara-bonthu commented May 16, 2023
edited

What does this PR do?

🛑 Please open an issue first to discuss any significant work and flesh out details/direction - we would hate for your time to be wasted.
Consult the CONTRIBUTING guide for submitting pull-requests.

1/ Fixes the FluentBit IAM policy issue for cloudwatch log group with prefix
2/ Fixes the handling of CW Group name and prefix

Motivation

  • Resolves #

More

  • Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • Yes, I ran pre-commit run -a with this PR

For Moderators

  • E2E Test successfully complete before merge?

Additional Notes

@vara-bonthu vara-bonthu requested a review from a team as a code owner May 16, 2023 10:38
vara-bonthu
vara-bonthu commented May 16, 2023
View reviewed changes
main.tf
@@ -515,7 +516,7 @@ data "aws_iam_policy_document" "aws_for_fluentbit" {
sid = "PutLogEvents"
effect = "Allow"
resources = [
"arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}:log-stream:*",
"arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "")}*:log-stream:*",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to support log group with prefix as well

vara-bonthu
vara-bonthu commented May 16, 2023
View reviewed changes
main.tf
@@ -527,7 +528,7 @@ data "aws_iam_policy_document" "aws_for_fluentbit" {
sid = "CreateCWLogs"
effect = "Allow"
resources = [
"arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "*")}",
"arn:${local.partition}:logs:${local.region}:${local.account_id}:log-group:${try(var.aws_for_fluentbit_cw_log_group.name, "")}*",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to support log group with prefix as well

@bryantbiggs bryantbiggs merged commit 189e3e1 into main May 16, 2023
@bryantbiggs bryantbiggs deleted the fluentbit-fix branch May 16, 2023 13:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bryantbiggs bryantbiggs bryantbiggs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@vara-bonthu @bryantbiggs