From c15096b2db101554c8e0006c84599bcfaaecc43f Mon Sep 17 00:00:00 2001
From: Matthew <106278637+Matthew-Grayson@users.noreply.github.com>
Date: Fri, 25 Aug 2023 13:37:15 -0500
Subject: [PATCH] 2118 au 05 audit process migrate logs to s3 buckets (#2197)
* Add logstream wildcard to cloudwatch group arn
* Refactor cloudtrail to deliver logs to separate buckets for prod and staging
---
 infrastructure/cloudtrail.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/infrastructure/cloudtrail.tf b/infrastructure/cloudtrail.tf
index 0312a4d0f..b4f6d695e 100644
--- a/infrastructure/cloudtrail.tf
+++ b/infrastructure/cloudtrail.tf
@@ -1,6 +1,6 @@
-resource "aws_cloudwatch_log_group" "all" {
- name = var.logging_bucket_name
+resource "aws_cloudwatch_log_group" "cloudtrail" {
+ name = "crossfeed-${var.stage}-cloudtrail-logs"
 retention_in_days = 3653
 kms_key_id = aws_kms_key.key.arn
 tags = {
@@ -13,7 +13,7 @@ resource "aws_cloudtrail" "all-events" {
 name = "all-events"
 s3_bucket_name = var.logging_bucket_name
 cloud_watch_logs_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${var.logging_bucket_name}-cloudtrail-role"
- cloud_watch_logs_group_arn = aws_cloudwatch_log_group.all.arn
+ cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.cloudtrail.arn}:*"
 tags = {
 Project = var.project
 Stage = var.stage
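Review bot: Renaming the log group resource from `all` to `cloudtrail` and changing its `name` in the same step makes Terraform plan a destroy of the existing group and a create of the new one, so the CloudWatch copy of past CloudTrail events goes away on apply regardless of `retention_in_days = 3653`, along with any metric filters or subscriptions attached to the old group (none are visible here). The S3 copy written through `s3_bucket_name` is not touched by this, but alerting or investigation that reads history from CloudWatch would start from empty. If the old data should outlive the change, detach it first with `terraform state rm aws_cloudwatch_log_group.all`, and consider `lifecycle { prevent_destroy = true }` on the new group so a later rename cannot silently drop audit logs. The resource block continues past the end of the hunk.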
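Review bot: `cloud_watch_logs_role_arn` is still assembled as a string from `var.logging_bucket_name`, so nothing in the second hunk ties the role's policy to the log group that `cloud_watch_logs_group_arn` now points at. If that role's policy is scoped to the old group name, CloudTrail will not be able to write to `crossfeed-${var.stage}-cloudtrail-logs` and the CloudWatch side of the trail stops receiving events; the role definition is not visible here, so this needs checking rather than being a confirmed break. A comment above the line would record the coupling: `# role policy must allow logs:CreateLogStream and logs:PutLogEvents on the cloudtrail log group's streams`. Referencing the role as a Terraform resource or data source instead of a hand-built ARN would also give the plan a dependency to order on. The `aws_cloudtrail` block starts before and ends after this hunk.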