// Data sources
/* Identity of the credentials Terraform runs with. The account ID is read
   elsewhere as data.aws_caller_identity.current.account_id. */
data "aws_caller_identity" "current" {}
/* Region configured on the AWS provider in use; read elsewhere as
   data.aws_region.current.name. */
data "aws_region" "current" {}
/* Latest Amazon Linux 2 AMI (HVM, x86_64, gp2), looked up through the public
   SSM parameter under /aws/service/. The parameter is read on every plan, so
   the resolved AMI ID moves whenever a newer image is published.
   NOTE(review): confirm that consumers of this value tolerate that drift
   (e.g. instance replacement on apply), or pin a reviewed AMI ID instead. */
data "aws_ssm_parameter" "amzn2_ami" {
  name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
}
/* IAM policy documents */

/* Trust policy: allows the EC2 service principal to call sts:AssumeRole.
   NOTE(review): the role that uses this document is not defined in this file;
   check that it is only exposed through the intended instance profile. */
data "aws_iam_policy_document" "cw_log_iam_trust_policy" {
  statement {
    actions = ["sts:AssumeRole"]
    effect  = "Allow"

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}
/* Permissions policy for writing to CloudWatch Logs. */
data "aws_iam_policy_document" "cw_log_permissions_policy" {
  /* Log group creation, allowed on every CloudWatch Logs resource in the
     current account and region (the ARN ends in ":*").
     NOTE(review): this is wider than the single log group used in the second
     statement. That group is a managed resource
     (aws_cloudwatch_log_group.cw_log_group), so confirm whether
     logs:CreateLogGroup is needed at all, or narrow the ARN to the intended
     log-group name.
     NOTE(review): the "aws" partition is hard-coded in the ARN. */
  statement {
    sid       = 1
    effect    = "Allow"
    actions   = ["logs:CreateLogGroup"]
    resources = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:*"]
  }

  /* For the log streams: create and describe streams and put events, limited
     to the ARN exported by aws_cloudwatch_log_group.cw_log_group.
     NOTE(review): log-stream ARNs extend the log-group ARN with
     ":log-stream:<name>". Verify that the arn attribute exported by the
     provider version in use still matches them (some versions drop the
     trailing ":*"); if it does not, logs:PutLogEvents is denied and log
     delivery fails. */
  statement {
    sid    = 2
    effect = "Allow"
    actions = [
      "logs:CreateLogStream",
      "logs:DescribeLogStreams",
      "logs:PutLogEvents",
    ]
    resources = [aws_cloudwatch_log_group.cw_log_group.arn]
  }
}