Skip to content

Commit

Permalink
Add aws broker tag log groups perm (#1813)
Browse files Browse the repository at this point in the history 
* add permission for tagging cloudwatch log groups for aws-broker resources

* allow tagging log groups for opensearch and RDS
  • Loading branch information
@markdboyd
markdboyd authored Dec 20, 2024
1 parent 1ed0b82 commit 9a43c7d
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions terraform/modules/iam_role_policy/aws_broker/policy.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,16 @@
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"logs:TagResource"
],
"Resource": [
"arn:${aws_partition}:logs:${aws_default_region}:${account_id}:log-group:/aws/rds/instance/cg-aws-broker*/*",
"arn:${aws_partition}:logs:${aws_default_region}:${account_id}:log-group:/aws/OpenSearchService/domains/cg-broker*/*"
]
}
]
}

0 comments on commit 9a43c7d

Please sign in to comment.