From 08fb4dc0e62b14571643cf3e0244f13969185855 Mon Sep 17 00:00:00 2001
From: Alistair Curtis
Date: Thu, 7 Mar 2024 09:34:03 +0000
Subject: [PATCH 1/2] add ec2 instance role for logs
---
 terraform/environments/cdpt-chaps/ecs.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/terraform/environments/cdpt-chaps/ecs.tf b/terraform/environments/cdpt-chaps/ecs.tf
index 523079a28b8..568358b2e1c 100644
--- a/terraform/environments/cdpt-chaps/ecs.tf
+++ b/terraform/environments/cdpt-chaps/ecs.tf
@@ -28,6 +28,7 @@ resource "aws_iam_policy" "ec2_instance_policy" { #tfsec:ignore:aws-iam-no-polic
 "ecr:BatchGetImage",
 "logs:CreateLogStream",
 "logs:PutLogEvents",
+ "logs:DescribeLogGroups",
 "s3:ListBucket",
 "s3:*Object*",
 "kms:Decrypt",
From b33b8b3899509d7de26ba4100ed34fad16bedc6f Mon Sep 17 00:00:00 2001
From: Alistair Curtis
Date: Thu, 7 Mar 2024 09:40:30 +0000
Subject: [PATCH 2/2] remove unsupported variables from bastion_linux
---
 terraform/environments/cdpt-chaps/bastion_linux.tf | 2 --
 1 file changed, 2 deletions(-)
diff --git a/terraform/environments/cdpt-chaps/bastion_linux.tf b/terraform/environments/cdpt-chaps/bastion_linux.tf
index 40d0dd24423..c82d98192f5 100644
--- a/terraform/environments/cdpt-chaps/bastion_linux.tf
+++ b/terraform/environments/cdpt-chaps/bastion_linux.tf
@@ -12,8 +12,6 @@ module "bastion_linux" {
 # s3 - used for logs and user ssh public keys
 bucket_name = "bastion"
-bucket_versioning = true
-bucket_force_destroy = true
 # public keys
 public_key_data = local.public_key_data.keys[local.environment]
 # logs
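Review bot: In `ecs.tf`, the added `logs:DescribeLogGroups` joins one action list that already mixes ECR, CloudWatch Logs, S3 (including the wildcard `s3:*Object*`) and KMS permissions under a `#tfsec:ignore` annotation. The `Resource` that list applies to is outside the hunk. If that resource is `"*"`, the instance role can now list every log group name in the account and region, which is probably more than shipping this service's logs requires. Consider moving the three `logs:` actions into their own statement scoped to this environment's log-group ARNs, checking how narrowly `DescribeLogGroups` can be scoped in practice. A short comment on the new line, such as `# DescribeLogGroups: needed by the instance log agent to look up its log group`, would record why the grant exists, and the commit subject mentions a role although the change extends a policy.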