|
1 | 1 | locals { |
2 | 2 | cognito_role_name = "${terraform.workspace}-cognito-unauth-role" |
3 | | - # rum_role_name = "${terraform.workspace}-rum-service-role" |
4 | 3 | } |
5 | 4 |
|
6 | | -# resource "aws_iam_role" "cloudwatch_rum" { |
7 | | -# count = local.is_production ? 0 : 1 |
8 | | -# name = local.rum_role_name |
9 | | - |
10 | | -# assume_role_policy = jsonencode({ |
11 | | -# Version = "2012-10-17", |
12 | | -# Statement = [ |
13 | | -# { |
14 | | -# Effect = "Allow", |
15 | | -# Principal = { |
16 | | -# Service = "rum.amazonaws.com" |
17 | | -# }, |
18 | | -# Action = "sts:AssumeRole" |
19 | | -# } |
20 | | -# ] |
21 | | -# }) |
22 | | -# } |
23 | | - |
24 | 5 | resource "aws_iam_role" "cognito_unauthenticated" { |
25 | 6 | count = local.is_production ? 0 : 1 |
26 | 7 | name = local.cognito_role_name |
@@ -65,45 +46,12 @@ resource "aws_iam_policy" "cloudwatch_rum_cognito_access" { |
65 | 46 | }) |
66 | 47 | } |
67 | 48 |
|
68 | | -# resource "aws_iam_policy" "cloudwatch_rum_management" { |
69 | | -# count = local.is_production ? 0 : 1 |
70 | | -# name = "${terraform.workspace}-cloudwatch-rum-management-policy" |
71 | | -# description = "Policy to manage RUM app monitors and associated logs" |
72 | | - |
73 | | -# policy = jsonencode({ |
74 | | -# Version = "2012-10-17", |
75 | | -# Statement = [ |
76 | | -# { |
77 | | -# Effect = "Allow", |
78 | | -# Action = [ |
79 | | -# "rum:CreateAppMonitor", |
80 | | -# "rum:DescribeAppMonitor", |
81 | | -# "rum:DeleteAppMonitor", |
82 | | -# "rum:UpdateAppMonitor", |
83 | | -# "rum:TagResource", |
84 | | -# "logs:CreateLogGroup", |
85 | | -# "logs:CreateLogStream", |
86 | | -# "logs:PutLogEvents", |
87 | | -# "iam:PassRole" |
88 | | -# ], |
89 | | -# Resource = "*" |
90 | | -# } |
91 | | -# ] |
92 | | -# }) |
93 | | -# } |
94 | | - |
95 | 49 | resource "aws_iam_role_policy_attachment" "cloudwatch_rum_cognito_unauth" { |
96 | 50 | count = local.is_production ? 0 : 1 |
97 | 51 | role = aws_iam_role.cognito_unauthenticated[0].name |
98 | 52 | policy_arn = aws_iam_policy.cloudwatch_rum_cognito_access[0].arn |
99 | 53 | } |
100 | 54 |
|
101 | | -# resource "aws_iam_role_policy_attachment" "cloudwatch_rum_management" { |
102 | | -# count = local.is_production ? 0 : 1 |
103 | | -# role = aws_iam_role.cloudwatch_rum[0].name |
104 | | -# policy_arn = aws_iam_policy.cloudwatch_rum_management[0].arn |
105 | | -# } |
106 | | - |
107 | 55 | resource "aws_cognito_identity_pool_roles_attachment" "cloudwatch_rum" { |
108 | 56 | count = local.is_production ? 0 : 1 |
109 | 57 | identity_pool_id = aws_cognito_identity_pool.cloudwatch_rum[0].id |
@@ -133,7 +81,3 @@ resource "aws_rum_app_monitor" "ndr" { |
133 | 81 | telemetries = ["errors", "performance", "http"] |
134 | 82 | } |
135 | 83 | } |
136 | | -# tags = { |
137 | | -# ServiceRole = aws_iam_role.cloudwatch_rum[0].arn |
138 | | -# } |
139 | | -# } |