Closed as not planned
Description
- Same as SNS Feedback role is broken #219 and SNS Feedback role is broken #204
- ✋ I have searched the open/closed issues and my issue is not listed.
Versions
- Module version [Required]: 6.4.0
- Terraform version: 1.9.0
- Provider version(s): aws 5.64.0
Reproduction Code [Required]
Steps to reproduce the behavior:
```hcl
enable_sns_topic_delivery_status_logs = true
```
Expected behavior
- delivery status logs appear in CloudWatch
Actual behavior
- delivery status logs do not appear in CloudWatch
Additional context
It looks like #220 correctly fixed the assume_role_policy, but the role is still missing permission to actually write to CloudWatch. We need to add this:
```hcl
inline_policy {
  name = "allow-log-creation"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents",
          "logs:PutMetricFilter",
          "logs:PutRetentionPolicy",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}
```
As a workaround for now, I've created my own role and added this policy. I then confirmed that delivery status notifications work.
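
The workaround described in the issue, written out as a standalone feedback role (an added example, not the reporter's or the module's code). The resource names, the topic and the Lambda feedback attributes are assumptions; the narrowed `Resource` assumes SNS's `sns/<region>/<account-id>/<topic>` log group naming, whereas the issue's policy uses `"*"`.

```hcl
# Added example; resource names and the topic are hypothetical.
data "aws_caller_identity" "current" {}

# Trust policy: lets the SNS service assume the role.
data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["sns.amazonaws.com"]
    }
  }
}

# Permission policy: the five actions from the issue. The issue uses
# Resource = "*"; the narrower ARN here assumes SNS writes delivery status
# to log groups named sns/<region>/<account-id>/<topic>[/Failure].
data "aws_iam_policy_document" "logs" {
  statement {
    effect = "Allow"
    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:PutMetricFilter",
      "logs:PutRetentionPolicy",
    ]
    resources = ["arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log-group:sns/*"]
  }
}

resource "aws_iam_role" "sns_feedback" {
  name               = "sns-delivery-status-feedback"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

resource "aws_iam_role_policy" "sns_feedback_logs" {
  name   = "allow-log-creation"
  role   = aws_iam_role.sns_feedback.id
  policy = data.aws_iam_policy_document.logs.json
}

# Hypothetical topic using the role for Lambda-endpoint delivery status.
resource "aws_sns_topic" "example" {
  name                                = "example-topic"
  lambda_success_feedback_role_arn    = aws_iam_role.sns_feedback.arn
  lambda_failure_feedback_role_arn    = aws_iam_role.sns_feedback.arn
  lambda_success_feedback_sample_rate = 100
}
```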