Created
May 10, 2019 17:16
-
-
Save edonosotti/6e826a70c2712d024b730f61d8b8edfc to your computer and use it in GitHub Desktop.
Terraform plan to grant API Gateway permissions to write logs to CloudWatch in AWS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NOT MY CODE! TAKEN FROM THE OFFICIAL DOCS: | |
| # https://www.terraform.io/docs/providers/aws/r/api_gateway_account.html | |
| # and saved here as a backup. | |
| resource "aws_api_gateway_account" "demo" { | |
| cloudwatch_role_arn = "${aws_iam_role.cloudwatch.arn}" | |
| } | |
| resource "aws_iam_role" "cloudwatch" { | |
| name = "api_gateway_cloudwatch_global" | |
| assume_role_policy = <<EOF | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": "apigateway.amazonaws.com" | |
| }, | |
| "Action": "sts:AssumeRole" | |
| } | |
| ] | |
| } | |
| EOF | |
| } | |
| resource "aws_iam_role_policy" "cloudwatch" { | |
| name = "default" | |
| role = "${aws_iam_role.cloudwatch.id}" | |
| policy = <<EOF | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "logs:CreateLogGroup", | |
| "logs:CreateLogStream", | |
| "logs:DescribeLogGroups", | |
| "logs:DescribeLogStreams", | |
| "logs:PutLogEvents", | |
| "logs:GetLogEvents", | |
| "logs:FilterLogEvents" | |
| ], | |
| "Resource": "*" | |
| } | |
| ] | |
| } | |
| EOF | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment