Merge branch 'master' of github.com:cisagov/crossfeed into 2246-splunk
Matthew-Grayson committed Sep 29, 2023
2 parents c99deb5 + f617390 commit 4f81d86
Showing 1 changed file with 32 additions and 0 deletions.
32 changes: 32 additions & 0 deletions infrastructure/cloudwatch.tf
Expand Up @@ -15,4 +15,36 @@ resource "aws_cloudwatch_log_group" "cloudwatch_bucket" {
project = var.project
stage = var.stage
}
}

resource "aws_s3_bucket_policy" "cloudwatch_bucket" {
bucket = aws_s3_bucket.cloudwatch_bucket.id
policy = jsonencode({
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "Allow Cloudwatch to check bucket permissions",
"Effect" : "Allow",
"Principal" : {
"Service" : "logs.amazonaws.com"
},
"Action" : "s3:GetBucketAcl",
"Resource" : "arn:aws:s3:::${var.cloudwatch_bucket_name}"
},
{
"Sid" : "Allow Cloudwatch to write to bucket",
"Effect" : "Allow",
"Principal" : {
"Service" : "logs.amazonaws.com"
},
"Action" : "s3:PutObject",
"Resource" : "arn:aws:s3:::${var.cloudwatch_bucket_name}/*",
"Condition" : {
"StringEquals" : {
"s3:x-amz-acl" : "bucket-owner-full-control"
}
}
}
]
})
}
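Review bot: Both statements in the new `aws_s3_bucket_policy` grant the `logs.amazonaws.com` service principal access without any condition on whose log groups it is acting for, which leaves the bucket open to the cross-account confused-deputy case for a service principal. Add `"aws:SourceAccount" : "<ACCOUNT_ID>"` (placeholder for this deployment's account id) under `StringEquals` on both the `s3:GetBucketAcl` and the `s3:PutObject` statement, and consider an `ArnLike` on `aws:SourceArn` limited to this account's log groups. Separately, the `Resource` ARNs are built from `var.cloudwatch_bucket_name` while `bucket` is taken from `aws_s3_bucket.cloudwatch_bucket.id`; deriving them from `aws_s3_bucket.cloudwatch_bucket.arn` would keep the policy bound to the same bucket if the variable and the resource ever diverge. A short comment above the resource stating that it exists to let CloudWatch Logs deliver to the bucket would also help the next reader.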
