fix - tag missing for aws_kinesis_firehose_delivery_stream resource

[K-Nakul-K]

Description

LogDeliveryEnabled = true, Tag was missing for aws_kinesis_firehose_delivery_stream resource

Fixes #194

How Has This Been Tested?

Tested on my env. by running terraform apply multiple times.

Checklist:

• I have updated the relevant example in the examples directory for the module.
• I have updated the relevant test file for the module.
• This change does not affect module (e.g. it's readme file change)

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ K-Nakul-K
❌ Nakul Khargonkar

---

Nakul Khargonkar seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[cazorla19]

please update the CHANGELOG.md with this change as a bug fix, otherwise the change itself lgtm

[K-Nakul-K]

please update the CHANGELOG.md with this change as a bug fix, otherwise the change itself lgtm

Done.

[ryantanjunming]

Hi @K-Nakul-K , can i have some documentation on this LogDeliveryEnabled = true being added on for aws_kinesis_firehose_delivery_stream?

I only see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html which looks more like a resource policy

[K-Nakul-K]

Hi @K-Nakul-K , can i have some documentation on this LogDeliveryEnabled = true being added on for aws_kinesis_firehose_delivery_stream?

I only see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html which looks more like a resource policy
Hi Ryan Tan,

In the same link that you were looking please find The Firehose stream must have the tag LogDeliveryEnabled set to true.

Also find screenshot for the same.

[ryantanjunming]

@K-Nakul-K Is this change policy also required for firehose_iam role?

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "firehose:PutRecord", "firehose:PutRecordBatch", "firehose:ListTagsForDeliveryStream" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/LogDeliveryEnabled": "true" } }, "Effect": "Allow" } ] }

[ryantanjunming]

@K-Nakul-K pls sign the Contributor License Agreement

[K-Nakul-K]

@K-Nakul-K Is this change policy also required for firehose_iam role?

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "firehose:PutRecord", "firehose:PutRecordBatch", "firehose:ListTagsForDeliveryStream" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/LogDeliveryEnabled": "true" } }, "Effect": "Allow" } ] }

My use case is deliver of logs from AWS Network firewall to firehose which uses V1 permission (as per documentation)

and AWSServiceRoleForLogDeliveryPolicy role is already created by AWS. This service-linked role grants permission for all Firehose delivery streams that have the LogDeliveryEnabled tag set to true.

So short answer not required. :)

[K-Nakul-K]

@K-Nakul-K pls sign the Contributor License Agreement

K-Nakul-K is my public id, from which I already signed the Contributor License Agreement. Where are username that you see is my org. laptop, not sure if I could really sign from that contributor name. If there any workaround for this? Sorry being stupid, I am new to public contributions.

[ryantanjunming]

@K-Nakul-K I copied over your PR since the contributor license cant be signed by the org laptop one.
I'll see to it getting merged, thanks for the help

#197

[K-Nakul-K]

@ryantanjunming Thank You! :)