feat(cloudlogs): replace FolderARN variable with BucketARN

modules/integrations/cloud-logs/main.tf

@@ -39,7 +39,6 @@ data "sysdig_secure_cloud_ingestion_assets" "assets" {
 locals {
   account_id_hash  = substr(md5(data.aws_caller_identity.current.account_id), 0, 4)
   role_name        = "${var.name}-${random_id.suffix.hex}-${local.account_id_hash}"
-  bucket_arn       = regex("^([^/]+)", var.folder_arn)[0]
   trusted_identity = var.is_gov_cloud_onboarding ? data.sysdig_secure_trusted_cloud_identity.trusted_identity.gov_identity : data.sysdig_secure_trusted_cloud_identity.trusted_identity.identity
 
   topic_name = split(":", var.topic_arn)[5]
@@ -101,8 +100,8 @@ data "aws_iam_policy_document" "cloudlogs_s3_access" {
     ]
 
     resources = [
-      local.bucket_arn,
-      "${local.bucket_arn}/*"
+      var.bucket_arn,
+      "${var.bucket_arn}/*"
     ]
   }
 
@@ -116,8 +115,8 @@ data "aws_iam_policy_document" "cloudlogs_s3_access" {
     ]
 
     resources = [
-      local.bucket_arn,
-      "${local.bucket_arn}/*"
+      var.bucket_arn,
+      "${var.bucket_arn}/*"
     ]
   }
 }
@@ -171,7 +170,7 @@ resource "sysdig_secure_cloud_auth_account_component" "aws_cloud_logs" {
       cloudtrailSns = {
         role_name        = local.role_name
         topic_arn        = var.topic_arn
-        bucket_arn       = local.bucket_arn
+        bucket_arn       = var.bucket_arn
         ingested_regions = var.regions
         routing_key      = local.routing_key
       }

modules/integrations/cloud-logs/variables.tf

@@ -3,8 +3,8 @@ variable "sysdig_secure_account_id" {
   description = "ID of the Sysdig Cloud Account to enable Cloud Logs integration for (in case of organization, ID of the Sysdig management account)"
 }
 
-variable "folder_arn" {
-  description = "(Required) The ARN of your CloudTrail Bucket Folder"
+variable "bucket_arn" {
+  description = "(Required) The ARN of your CloudTrail Bucket"
   type        = string
 }