Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: global allowed region permissions for s3 logging & quicksight #198

Merged
merged 1 commit into from
Jan 17, 2024
Merged

fix: global allowed region permissions for s3 logging & quicksight #198

merged 1 commit into from
Jan 17, 2024

Conversation

Plork
Copy link
Contributor

@Plork Plork commented Jan 17, 2024

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 17, 2024
edited
Loading

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Lint 📖success

Terraform Validation 🤖success

Validation Output 

Success! The configuration is valid.

@Plork Plork changed the title permissions needed for waf logging feat: permissions needed for waf logging Jan 17, 2024
@Plork Plork added the feature New feature or request label Jan 17, 2024
@Plork Plork changed the title feat: permissions needed for waf logging fix: permissions needed for waf logging Jan 17, 2024
@Plork Plork added fix Something isn't working and removed feature New feature or request labels Jan 17, 2024
@Plork Plork changed the title fix: permissions needed for waf logging fix: permissions needed for waf s3 logging Jan 17, 2024
@github-actions github-actions bot added the bug Something isn't working label Jan 17, 2024
@Plork @marwinbaumannsbp
permissions needed for waf logging
f136f9b 
https://docs.aws.amazon.com/waf/latest/developerguide/logging-s3.html#logging-s3-permissions

Tested by removing the SCP from the root organisation and running TF. After detaching the policy the plan succeeds.

With the SCP attached you see:

AccessDeniedException: You don't have the permissions that are required to perform this operation. status code: 400
@marwinbaumannsbp marwinbaumannsbp changed the title fix: permissions needed for waf s3 logging fix: permissions needed for waf s3 logging & quicksight Jan 17, 2024
@marwinbaumannsbp marwinbaumannsbp changed the title fix: permissions needed for waf s3 logging & quicksight fix: global allowed region permissions for s3 logging & quicksight Jan 17, 2024
@Plork Plork merged commit cf59393 into master Jan 17, 2024
7 checks passed
@Plork Plork deleted the allow_waf_logging branch January 17, 2024 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marwinbaumannsbp marwinbaumannsbp marwinbaumannsbp approved these changes

Assignees
No one assigned
Labels
bug Something isn't working fix Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Plork @marwinbaumannsbp