S3 archive update role for metrics bucket [CDS-982] (#131)
* Update main.tf

* Update CHANGELOG.md
guyrenny authored Jan 17, 2024
1 parent 6304672 commit 5039add
Showing 2 changed files with 10 additions and 4 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,10 @@
# Changelog

## v1.0.82
### 🧰 Bug fixes 🧰
#### **s3-archive**
- Update the role for the metrics bucket

## v1.0.81
### 🧰 Bug fixes 🧰
#### **ecs-ec2**
9 changes: 5 additions & 4 deletions modules/provisioning/s3-archive/main.tf
@@ -9,7 +9,8 @@ locals {
metrics_validations = local.is_metrics_bucket_name_empty && !local.is_same_bucket_name && (local.is_valid_region || var.bypass_valid_region != "")
kms_logs_validation = local.logs_validations && var.logs_kms_arn != "" && contains(split(":", var.logs_kms_arn), var.aws_region)
kms_metrics_validation = local.metrics_validations && var.metrics_kms_arn != "" && contains(split(":", var.metrics_kms_arn), var.aws_region)
coralogix_arn = var.custom_coralogix_arn != "" ? "arn:aws:iam::${var.custom_coralogix_arn}:role/coralogix-archive-${local.coralogix_role_region}" : var.bypass_valid_region != "" ? "arn:aws:iam::${var.coralogix_arn_mapping[""]}:role/coralogix-archive-${local.coralogix_role_region}" : "arn:aws:iam::${var.coralogix_arn_mapping[var.aws_region]}:role/coralogix-archive-${local.coralogix_role_region}"
coralogix_log_role_arn = var.custom_coralogix_arn != "" ? "arn:aws:iam::${var.custom_coralogix_arn}:role/coralogix-archive-${local.coralogix_role_region}" : var.bypass_valid_region != "" ? "arn:aws:iam::${var.coralogix_arn_mapping[""]}:role/coralogix-archive-${local.coralogix_role_region}" : "arn:aws:iam::${var.coralogix_arn_mapping[var.aws_region]}:role/coralogix-archive-${local.coralogix_role_region}"
coralogix_metrics_role_arn = var.custom_coralogix_arn != "" ? "arn:aws:iam::${var.custom_coralogix_arn}:root" : var.bypass_valid_region != "" ? "arn:aws:iam::${var.coralogix_arn_mapping[""]}:root" : "arn:aws:iam::${var.coralogix_arn_mapping[var.aws_region]}:root"
}

data "aws_region" "current" {}
@@ -39,7 +40,7 @@ resource "aws_s3_bucket_policy" "logs_bucket_policy" {
{
Effect = "Allow"
Principal = {
AWS = local.coralogix_arn
AWS = local.coralogix_log_role_arn
}
Action = [
"s3:GetObject",
@@ -78,7 +79,7 @@ resource "aws_s3_bucket_policy" "metrics_bucket_policy" {
{
Effect = "Allow"
Principal = {
AWS = local.coralogix_arn
AWS = local.coralogix_metrics_role_arn
}
Action = [
"s3:GetObject",
@@ -107,4 +108,4 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "metrics_encryptio
}
bucket_key_enabled = true
}
}
}
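Review bot: The new `coralogix_metrics_role_arn` local in the `locals` block resolves to `arn:aws:iam::<account>:root`, so `metrics_bucket_policy` now trusts the whole Coralogix account rather than the single `coralogix-archive-<region>` role that the logs bucket still names. With an account-root principal, any identity in that account whose own IAM policy permits it receives the statement's actions; only `s3:GetObject` is visible here, and the rest of the action list and any existing `Condition` lie outside the shown lines. If the metrics reader's role or role pattern can be named, narrow the statement with something like `Condition = { ArnLike = { "aws:PrincipalArn" = "arn:aws:iam::<ACCOUNT_ID>:role/<METRICS_ROLE_PATTERN>" } }`. Otherwise, document the trade-off on the local with a comment such as `# account-root principal: access is delegated to the Coralogix account's own IAM policies`, and consider a name like `coralogix_metrics_principal_arn`, since the value is not a role ARN.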
