Addin resource policy

mauricios · mauricios · commit eef1dbfdaceb · 2018-05-23T19:10:50.000-05:00
diff --git a/data.tf b/data.tf
@@ -1,3 +1,19 @@
 data "aws_vpc" "this" {
   id = "${var.vpc_id}"
 }
+
+data "aws_iam_policy_document" "this" {
+  statement {
+    actions = [
+      "logs:CreateLogStream",
+      "logs:PutLogEvents",
+    ]
+
+    resources = ["${aws_cloudwatch_log_group.this.arn}:*"]
+
+    principals {
+      identifiers = ["es.amazonaws.com"]
+      type        = "Service"
+    }
+  }
+}
diff --git a/main.tf b/main.tf
@@ -164,3 +164,8 @@ resource "aws_elasticsearch_domain_policy" "this" {
 }
 POLICIES
 }
+
+resource "aws_cloudwatch_log_resource_policy" "this" {
+  policy_document = "${data.aws_iam_policy_document.this.json}"
+  policy_name     = "${local.id}-ElasticSearch-Index-Logs"
+}

Original file line number	Diff line number	Diff line change
`@@ -164,3 +164,8 @@ resource "aws_elasticsearch_domain_policy" "this" {`
`164`	`164`	`}`
`165`	`165`	`POLICIES`
`166`	`166`	`}`
	`167`	`+`
	`168`	`+resource "aws_cloudwatch_log_resource_policy" "this" {`
	`169`	`+ policy_document = "${data.aws_iam_policy_document.this.json}"`
	`170`	`+ policy_name = "${local.id}-ElasticSearch-Index-Logs"`
	`171`	`+}`