Merge pull request #9 from kabisa/MS-67-wachtwoord-reset-aws-account-…
…arnout-rechten-assume-role

Ms 67 wachtwoord reset aws account arnout rechten assume role
Paul van Lierop authored Oct 3, 2022
2 parents f4cb8a9 + be9768a commit 5a5b5d8
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions cloudtrail.tf
@@ -14,7 +14,7 @@ resource "aws_cloudtrail" "cloudtrail" {
name = var.trail_name
s3_bucket_name = var.cloudtrail_bucket != "" ? var.cloudtrail_bucket : local.bucket_name
cloud_watch_logs_role_arn = join("", aws_iam_role.cloudwatch_iam_role.*.arn)
cloud_watch_logs_group_arn = join("", aws_cloudwatch_log_group.log_group.*.arn)
cloud_watch_logs_group_arn = "${join("", aws_cloudwatch_log_group.log_group.*.arn)}:*"
include_global_service_events = var.include_global_service_events
enable_log_file_validation = var.enable_log_file_validation
is_multi_region_trail = var.is_multi_region_trail
@@ -58,7 +58,7 @@ data "aws_iam_policy_document" "cloudwatch_assume" {
statement {
principals {
type = "Service"
identifiers = ["cloudtrial.amazonaws.com"]
identifiers = ["cloudtrail.amazonaws.com"]
}

actions = ["sts:AssumeRole"]
@@ -89,7 +89,7 @@ data "aws_iam_policy_document" "cloudwatch" {
resource "aws_iam_policy" "cloudwatch_iam_policy" {
count = var.enable_cloudwatch_logs ? 1 : 0
name = var.cloudwatch_iam_policy_name
policy = one(data.aws_iam_policy_document.cloudwatch).rendered
policy = data.aws_iam_policy_document.cloudwatch[0].json
}

#
@@ -161,4 +161,3 @@ resource "aws_s3_bucket_policy" "cloudtrail_bucket" {
bucket = one(aws_s3_bucket.cloudtrail_bucket).bucket
policy = data.aws_iam_policy_document.cloudtrail_bucket.json
}
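Review bot: In the first hunk, the `:*`-suffixed `cloud_watch_logs_group_arn` becomes the bare string `:*` whenever the log-group splat is empty, because the suffix is appended unconditionally to the result of `join("", ...)`. That looks reachable: `aws_iam_policy.cloudwatch_iam_policy` in this file is gated on `var.enable_cloudwatch_logs`, so the log group is presumably counted the same way, although its definition is outside the visible hunks. An ARN of `:*` is not valid and would most likely make the trail fail to apply, leaving an account that opts out of CloudWatch delivery with no CloudTrail audit log at all. Guarding the attribute avoids this, e.g. `cloud_watch_logs_group_arn = var.enable_cloudwatch_logs ? "${aws_cloudwatch_log_group.log_group[0].arn}:*" : null`. A short comment there explaining why the `:*` suffix is needed would also help the next reader.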
