Merge pull request #5263 from ministryofjustice/cdpt-chaps-role

add ec2 instance role for logs
ministryofjustice · Mar 7, 2024 · 4532b16 · 4532b16
2 parents c60ed78 + b33b8b3
commit 4532b16
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/terraform/environments/cdpt-chaps/bastion_linux.tf b/terraform/environments/cdpt-chaps/bastion_linux.tf
@@ -12,8 +12,6 @@ module "bastion_linux" {
 
   # s3 - used for logs and user ssh public keys
   bucket_name          = "bastion"
-  bucket_versioning    = true
-  bucket_force_destroy = true
   # public keys
   public_key_data = local.public_key_data.keys[local.environment]
   # logs

diff --git a/terraform/environments/cdpt-chaps/ecs.tf b/terraform/environments/cdpt-chaps/ecs.tf
@@ -28,6 +28,7 @@ resource "aws_iam_policy" "ec2_instance_policy" { #tfsec:ignore:aws-iam-no-polic
                 "ecr:BatchGetImage",
                 "logs:CreateLogStream",
                 "logs:PutLogEvents",
+                "logs:DescribeLogGroups",
                 "s3:ListBucket",
                 "s3:*Object*",
                 "kms:Decrypt",