-
-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Restrict flow log policy to use log group ARNs #1088
feat: Restrict flow log policy to use log group ARNs #1088
Conversation
This PR has been automatically marked as stale because it has been open 30 days |
## [5.12.0](v5.11.0...v5.12.0) (2024-08-03) ### Features * Restrict flow log policy to use log group ARNs ([#1088](#1088)) ([9256722](9256722))
This PR is included in version 5.12.0 🎉 |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Description
This pull request updates the AWS VPC terraform module to use log group ARNs instead of wildcard ("*") as the resource in the flow log policy. This change restricts the flow log policy to specific log groups, improving security and ensuring that only authorized log groups can receive flow log data.
Motivation and Context
The previous implementation allowed logging to any log group in AWS CloudWatch Logs, which could potentially lead to unauthorized access to log data. The updated implementation ensures that flow log data is only sent to designated log groups specified by their ARNs.
Breaking Changes
This change does not break backwards compatibility with the current major version.
How Has This Been Tested?
examples/*
to demonstrate and validate my change(s)examples/*
projectspre-commit run -a
on my pull request to ensure that all relevant pre-commit checks have passed.Thank you.