File tree Expand file tree Collapse file tree 3 files changed +64
-7
lines changed Expand file tree Collapse file tree 3 files changed +64
-7
lines changed Original file line number Diff line number Diff line change @@ -64,7 +64,12 @@ it is mandatory to run in the "us-east-1" region. Check the example.
6464
6565## Resources
6666
67+ - resource.aws_cloudwatch_log_resource_policy.main (cloudwatch.tf#13)
6768- resource.aws_wafv2_web_acl.main (main.tf#7)
69+ - resource.aws_wafv2_web_acl_logging_configuration.main (cloudwatch.tf#8)
70+ - data source.aws_caller_identity.current (cloudwatch.tf#59)
71+ - data source.aws_iam_policy_document.main (cloudwatch.tf#18)
72+ - data source.aws_region.current (cloudwatch.tf#57)
6873
6974# Examples
7075### Complete
Original file line number Diff line number Diff line change 1+ module "cloudwatch_log_group" {
2+ source = " geekcell/cloudwatch-log-group/aws"
3+ version = " >= 1.0.1, < 2.0.0"
4+
5+ name = " aws-waf-logs-${ var . name } "
6+ }
7+
8+ resource "aws_wafv2_web_acl_logging_configuration" "main" {
9+ log_destination_configs = module . cloudwatch_log_group . arn ]
10+ resource_arn = . main . arn
11+ }
12+
13+ resource "aws_cloudwatch_log_resource_policy" "main" {
14+ policy_document = . aws_iam_policy_document . main . json
15+ policy_name = " aws-waf-logs-policy-${ var . name } "
16+ }
17+
18+ data "aws_iam_policy_document" "main" {
19+ version = " 2012-10-17"
20+ statement {
21+
22+ effect = " Allow"
23+
24+ principals {
25+ identifiers =
26+ " delivery.logs.amazonaws.com"
27+ ]
28+ type = " Service"
29+ }
30+
31+ actions =
32+ " logs:CreateLogStream"
33+ " logs:PutLogEvents"
34+ ]
35+ resources =
36+ " ${ module . cloudwatch_log_group . arn } :*"
37+ ]
38+
39+ condition {
40+ test = " ArnLike"
41+ values =
42+ " arn:aws:logs:${ data . aws_region . current . name } :${ data . aws_caller_identity . current . account_id } :*"
43+ ]
44+ variable = " aws:SourceArn"
45+ }
46+
47+ condition {
48+ test = " StringEquals"
49+ values =
50+ tostring (data. aws_caller_identity . current . account_id )
51+ ]
52+ variable = " aws:SourceAccount"
53+ }
54+ }
55+ }
56+
57+ data "aws_region" "current" {}
58+
59+ data "aws_caller_identity" "current" {}
Original file line number Diff line number Diff line change @@ -84,10 +84,3 @@ resource "aws_wafv2_web_acl" "main" {
8484
8585 tags = . tags
8686}
87-
88- module "cloudwatch_log_group" {
89- source = " geekcell/cloudwatch-log-group/aws"
90- version = " >= 1.0.1, < 2.0.0"
91-
92- name = " /aws/cloudfront/waf/${ var . name } "
93- }
You can’t perform that action at this time.
0 commit comments