Skip to content

Commit 127c4d5

Browse files
harrim91harrim91
committed
CCM-8572: add pipe logging
1 parent 5368cd8 commit 127c4d5

File tree

1 file changed

+13
-12
lines changed

1 file changed

+13
-12
lines changed

infrastructure/terraform/modules/backend-api/pipes_pipe_tags_added.tf renamed to infrastructure/terraform/modules/backend-api/pipes_pipe_quarantine_tags_added.tf

Lines changed: 13 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,14 @@ resource "aws_pipes_pipe" "quarantine_tags_added" {
1414
resources = [module.s3bucket_quarantine.arn]
1515
}
1616
}
17+
18+
log_configuration {
19+
cloudwatch_logs_log_destination {
20+
log_group_arn = aws_cloudwatch_log_group.quarantine_tags_added_pipe.arn
21+
}
22+
level = "ERROR"
23+
include_execution_data = ["ALL"]
24+
}
1725
}
1826

1927
resource "aws_iam_role" "pipe" {
@@ -40,18 +48,6 @@ data "aws_iam_policy_document" "pipe_trust_policy" {
4048

4149
identifiers = ["pipes.amazonaws.com"]
4250
}
43-
44-
condition {
45-
test = "StringEquals"
46-
variable = "aws:SourceAccount"
47-
values = [var.aws_account_id]
48-
}
49-
50-
# condition {
51-
# test = "StringEquals"
52-
# variable = "aws:SourceArn"
53-
# values = [aws_pipes_pipe.quarantine_tags_added.arn]
54-
# }
5551
}
5652
}
5753

@@ -94,3 +90,8 @@ data "aws_iam_policy_document" "pipe" {
9490
]
9591
}
9692
}
93+
94+
resource "aws_cloudwatch_log_group" "quarantine_tags_added_pipe" {
95+
name = "/aws/vendedlogs/pipes/${local.csi}-quarantine-tags-added"
96+
retention_in_days = var.log_retention_in_days
97+
}

0 commit comments

Comments
 (0)