Fix TFsec

chris-elliott-nhsd · chris-elliott-nhsd · commit bee845df0bba · 2025-01-30T12:59:34.000Z
diff --git a/infrastructure/terraform/components/acct/iam_role_apigateway_logging.tf b/infrastructure/terraform/components/acct/iam_role_apigateway_logging.tf
@@ -23,28 +23,7 @@ data "aws_iam_policy_document" "apigateway_assumerole" {
   }
 }
 
-resource "aws_iam_role_policy" "apigateway_logging" {
-  role   = aws_iam_role.apigateway_logging.name
-  name   = "${local.csi}-logging"
-  policy = data.aws_iam_policy_document.apigateway_logging.json
+resource "aws_iam_role_policy_attachment" "apigateway_logging" {
+  role       = aws_iam_role.apigateway_logging.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
 }
-
-data "aws_iam_policy_document" "apigateway_logging" {
-  statement {
-    sid    = "AllowLogs"
-    effect = "Allow"
-
-    actions = [
-      "logs:CreateLogGroup",
-      "logs:CreateLogStream",
-      "logs:DescribeLogGroups",
-      "logs:DescribeLogStreams",
-      "logs:PutLogEvents",
-      "logs:GetLogEvents",
-      "logs:FilterLogEvents",
-    ]
-
-    resources = ["*"]
-  }
-}
-
