Skip to content

Releases: cloudposse/terraform-aws-cloudwatch-logs

v0.6.8

01 Aug 09:36
f622326
Compare
Choose a tag to compare

🚀 Enhancements

Fix mistake in policy. Part2 @ramses999 (#39)

what

This is just a continuation of the fix #38.
Prod environment tested. That's how it works correctly.

v0.6.7

09 Mar 01:00
c17b4b6
Compare
Choose a tag to compare

🚀 Enhancements

Fix mistake in policy @ramses999 (#38)

what

Fix mistake in policy

why

The policy is created simply by ARN without the ":" construct, which is necessary to create the correct policy for the role.
Without this ":" construct, the policy is created, but it does not work correctly.
This error was discovered when I tried to create a cloudwatch group in the cloudtrail module.
I got the response "Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Access denied. Verify in IAM that the role has adequate permissions."
After studying the code, I realized that I need to add the construction ":*" in a couple of lines.
My solution looks like this, I need to replace the lines in file :

This line:
join("", aws_cloudwatch_log_group.default..arn),
replaced by
"${join("", aws_cloudwatch_log_group.default.
.arn)}:*"
You need to do this in both identical lines.

Perhaps you can suggest a better solution, I'm new to terraforming.

references

#37
https://github.com/cloudposse/terraform-aws-cloudwatch-logs/blob/master/iam.tf#L55

v0.6.6

23 Jun 23:00
a3f1f45
Compare
Choose a tag to compare

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.16.2 @renovate (#33)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-role/aws (source) module patch 0.16.1 -> 0.16.2

v0.6.5

13 Apr 17:46
3a008ad
Compare
Choose a tag to compare

🚀 Enhancements

Add policy boundary and enable_tags for iam resouces @jamengual (#32)

what

  • Add policy boundary to cloudwatch IAM resources
  • Updating to new tags_enabled variable from I am role module

why

  • to pass policy_boundary and to add the ability to disable tags for IAM resources

references

v0.6.4

20 Jan 02:26
1dc6e97
Compare
Choose a tag to compare

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.15.0 @renovate (#29)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-role/aws (source) module minor 0.14.1 -> 0.15.0

Release Notes

cloudposse/terraform-aws-iam-role

v0.15.0

Compare Source

allow to set role and policy path @​1david5 (#​40) #### what * Add `path` argument to role and policy resources #### why * Allow users to set path for role and policy

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.6.3

07 Jan 01:51
3c47695
Compare
Choose a tag to compare

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.14.1 @renovate (#28)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-role/aws (source) module patch 0.14.0 -> 0.14.1

Release Notes

cloudposse/terraform-aws-iam-role

v0.14.1

Compare Source

Fix: Fix Variable Description Typo for `var.use_fullname` @​korenyoni (#​36) #### what * Fix variable description typo introduced in #​35 for `var.use_fullname` #### why * Minor typo (unmatched right bracket). #### references * #​35
Drop unused null provider @​Xerkus (#​34) #### what * Drop `hashicorp/null` provider from dependencies #### why * As far as I can tell the null provider is not used and I do not think it is needed for any kind of indirect dependency * I think it was needed at some point for terraform-null-label #### references * Closes #​31
Fix: fix variable description for `var.use_fullname`, run `make github/init` @​korenyoni (#​35) #### what - Fix variable description for `var.use_fullname`. - Run `make github/init`. #### why - The `var.use_fullname` variable description is incorrect and refers to ECR repositories instead of IAM roles. - Running `make github/init` will update GHA-workflow related files (and CODEOWNERS), the former of which is required for the `no-release` label (which allows for consolidating multiple small PRs such as this into one release). #### references * N/A
#### 🚀 Enhancements
Add tags to policy @​nitrocode (#​37) #### what * Add tags to policy #### why * Tag it all #### references N/A

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.6.2

08 Dec 17:38
0f4fea1
Compare
Choose a tag to compare

🤖 Automatic Updates

Update Terraform cloudposse/iam-role/aws to v0.14.0 @renovate (#27)

This PR contains the following updates:

Package Type Update Change
cloudposse/iam-role/aws (source) module minor 0.13.0 -> 0.14.0

Release Notes

cloudposse/terraform-aws-iam-role

v0.14.0

Compare Source

Add assume role policy conditions and managed iam policies @​sebastianmacarescu (#​33) #### what * option to attach AWS Managed IAM policies to created role * option to add conditions to trust policy #### why * we should be able to use aws managed policies (or any other policies) and not create new ones dedicated for this role * we should be able to add conditions on who can assume this role (mfa enabled, be part of organization, specific session name, etc) #### references * closes #​24 * documentation for conditions: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document * documentation for conditions in trust role policies: https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

v0.6.1

18 Nov 22:59
020e078
Compare
Choose a tag to compare
Docs: Fix usage snippet (missing source attribute) @korenyoni (#25)

what

  • Fix usage snippet (missing source attribute)
  • Fix module block name in usage snippet (does not match module name)

why

  • The usage snippet is incorrect (missing source attribute and does not match module name)

references

  • N/A

🚀 Enhancements

Allow slash in log group names @nitrocode (#26)

what

  • Custom label for cloudwatch log group name

why

  • Allow slash in log group names

references

test

provider "aws" {
  region = "us-east-2"
}

module "cloudwatch_logs" {
  source = "github.com/cloudposse/terraform-aws-cloudwatch-logs?ref=allow-slash-log-group-names"

  name = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
}

results in

  # module.cloudwatch_logs.aws_cloudwatch_log_group.default[0] will be created
  + resource "aws_cloudwatch_log_group" "default" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
      + retention_in_days = 30
      + tags              = {
          + "Name" = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
        }
      + tags_all          = {
          + "Name" = "/aws/kinesisfirehose/aws-waf-logs-dev-app"
        }
    }

v0.6.0

21 Oct 23:41
0d6ed23
Compare
Choose a tag to compare

🚀 Enhancements

Feat: Make IAM Role Optional @korenyoni (#24)

what

  • Make IAM role conditional on feature flag.
  • Run make github/init.
  • Fix unintentional nested array in stream_arns output.
  • Fix usage snippet such that it conforms with other modules.

why

  • Not all CloudWatch Logs log group use cases require an IAM role meant for assumption by an EC2 instance. The IAM role should be conditional.
  • Running make github/init updates GHA workflow-related files.
  • Running make github/init updates context.tf to the latest distribution from null-label, which now has new features such as the tenant label.

references

v0.5.0

15 Sep 11:55
0fa3f25
Compare
Choose a tag to compare
Add permissions_boundary as a variable @mmorejon (#23)

what

  • Add permissions_boundary as a parameter
  • Upgrade cloudposse/iam-role/aws module to version 0.13.0

why

  • This parameter is missing in the module as an option.

references

  • PR cloudposse/iam-role/aws in module

Signed-off-by: Manuel Morejon manuel@mmorejon.io