Releases: cloudposse/terraform-aws-cloudwatch-logs
v0.6.8
v0.6.7
🚀 Enhancements
Fix mistake in policy @ramses999 (#38)
what
Fix mistake in policy
why
The policy is created simply by ARN without the ":" construct, which is necessary to create the correct policy for the role.
Without this ":" construct, the policy is created, but it does not work correctly.
This error was discovered when I tried to create a cloudwatch group in the cloudtrail module.
I got the response "Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Access denied. Verify in IAM that the role has adequate permissions."
After studying the code, I realized that I need to add the construction ":*" in a couple of lines.
My solution looks like this, I need to replace the lines in file :
This line:
join("", aws_cloudwatch_log_group.default..arn),
replaced by
"${join("", aws_cloudwatch_log_group.default..arn)}:*"
You need to do this in both identical lines.
Perhaps you can suggest a better solution, I'm new to terraforming.
references
#37
https://github.com/cloudposse/terraform-aws-cloudwatch-logs/blob/master/iam.tf#L55
Contributors
Assets 2
v0.6.6
🤖 Automatic Updates
Update Terraform cloudposse/iam-role/aws to v0.16.2 @renovate (#33)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/iam-role/aws (source) | module | patch | 0.16.1 -> 0.16.2 |
Contributors
Assets 2
v0.6.5
🚀 Enhancements
Add policy boundary and enable_tags for iam resouces @jamengual (#32)
what
- Add policy boundary to cloudwatch IAM resources
- Updating to new tags_enabled variable from I am role module
why
- to pass policy_boundary and to add the ability to disable tags for IAM resources
references
Contributors
Assets 2
v0.6.4
🤖 Automatic Updates
Update Terraform cloudposse/iam-role/aws to v0.15.0 @renovate (#29)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/iam-role/aws (source) | module | minor | 0.14.1 -> 0.15.0 |
Release Notes
cloudposse/terraform-aws-iam-role
v0.15.0
allow to set role and policy path @1david5 (#40)
#### what * Add `path` argument to role and policy resources #### why * Allow users to set path for role and policyConfiguration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by WhiteSource Renovate. View repository job log here.
Contributors
Assets 2
v0.6.3
🤖 Automatic Updates
Update Terraform cloudposse/iam-role/aws to v0.14.1 @renovate (#28)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/iam-role/aws (source) | module | patch | 0.14.0 -> 0.14.1 |
Release Notes
cloudposse/terraform-aws-iam-role
v0.14.1
Fix: Fix Variable Description Typo for `var.use_fullname` @korenyoni (#36)
#### what * Fix variable description typo introduced in #35 for `var.use_fullname` #### why * Minor typo (unmatched right bracket). #### references * #35Drop unused null provider @Xerkus (#34)
#### what * Drop `hashicorp/null` provider from dependencies #### why * As far as I can tell the null provider is not used and I do not think it is needed for any kind of indirect dependency * I think it was needed at some point for terraform-null-label #### references * Closes #31Fix: fix variable description for `var.use_fullname`, run `make github/init` @korenyoni (#35)
#### what - Fix variable description for `var.use_fullname`. - Run `make github/init`. #### why - The `var.use_fullname` variable description is incorrect and refers to ECR repositories instead of IAM roles. - Running `make github/init` will update GHA-workflow related files (and CODEOWNERS), the former of which is required for the `no-release` label (which allows for consolidating multiple small PRs such as this into one release). #### references * N/AAdd tags to policy @nitrocode (#37)
#### what * Add tags to policy #### why * Tag it all #### references N/AConfiguration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by WhiteSource Renovate. View repository job log here.
Contributors
Assets 2
v0.6.2
🤖 Automatic Updates
Update Terraform cloudposse/iam-role/aws to v0.14.0 @renovate (#27)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/iam-role/aws (source) | module | minor | 0.13.0 -> 0.14.0 |
Release Notes
cloudposse/terraform-aws-iam-role
v0.14.0
Add assume role policy conditions and managed iam policies @sebastianmacarescu (#33)
#### what * option to attach AWS Managed IAM policies to created role * option to add conditions to trust policy #### why * we should be able to use aws managed policies (or any other policies) and not create new ones dedicated for this role * we should be able to add conditions on who can assume this role (mfa enabled, be part of organization, specific session name, etc) #### references * closes #24 * documentation for conditions: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document * documentation for conditions in trust role policies: https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by WhiteSource Renovate. View repository job log here.
Contributors
Assets 2
v0.6.1
Docs: Fix usage snippet (missing source attribute) @korenyoni (#25)
what
- Fix usage snippet (missing source attribute)
- Fix module block name in usage snippet (does not match module name)
why
- The usage snippet is incorrect (missing source attribute and does not match module name)
references
- N/A
🚀 Enhancements
Allow slash in log group names @nitrocode (#26)
what
- Custom label for cloudwatch log group name
why
- Allow slash in log group names
references
test
provider "aws" {
region = "us-east-2"
}
module "cloudwatch_logs" {
source = "github.com/cloudposse/terraform-aws-cloudwatch-logs?ref=allow-slash-log-group-names"
name = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
}results in
# module.cloudwatch_logs.aws_cloudwatch_log_group.default[0] will be created
+ resource "aws_cloudwatch_log_group" "default" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
+ retention_in_days = 30
+ tags = {
+ "Name" = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
}
+ tags_all = {
+ "Name" = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
}
}Contributors
Assets 2
v0.6.0
🚀 Enhancements
Feat: Make IAM Role Optional @korenyoni (#24)
what
- Make IAM role conditional on feature flag.
- Run
make github/init. - Fix unintentional nested array in
stream_arnsoutput. - Fix usage snippet such that it conforms with other modules.
why
- Not all CloudWatch Logs log group use cases require an IAM role meant for assumption by an EC2 instance. The IAM role should be conditional.
- Running
make github/initupdates GHA workflow-related files. - Running
make github/initupdatescontext.tfto the latest distribution fromnull-label, which now has new features such as thetenantlabel.
references
Contributors
Assets 2
v0.5.0
Add permissions_boundary as a variable @mmorejon (#23)
what
- Add
permissions_boundaryas a parameter - Upgrade
cloudposse/iam-role/awsmodule to version0.13.0
why
- This parameter is missing in the module as an option.
references
- PR
cloudposse/iam-role/awsin module
Signed-off-by: Manuel Morejon manuel@mmorejon.io
