Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNS Feedback role is broken #236

Open
1 task done
aldenquimby opened this issue Sep 20, 2024 · 6 comments · May be fixed by #237
Open
1 task done

SNS Feedback role is broken #236

aldenquimby opened this issue Sep 20, 2024 · 6 comments · May be fixed by #237

Comments

@aldenquimby
Copy link

aldenquimby commented Sep 20, 2024
edited
Loading

Description

Versions

  • Module version [Required]: 6.4.0

  • Terraform version: 1.9.0

  • Provider version(s): aws 5.64.0

Reproduction Code [Required]

Steps to reproduce the behavior:

enable_sns_topic_delivery_status_logs = true

Expected behavior

  • delivery status logs appear in CloudWatch

Actual behavior

  • delivery status logs do not appear in Cloudwatch

Additional context

It looks like #220 correctly fixed the assume_role_policy, but the role is still missing permission to actually write to CloudWatch. We need to add this:

  inline_policy {
    name = "allow-log-creation"

    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Action = [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents",
            "logs:PutMetricFilter",
            "logs:PutRetentionPolicy",
          ]
          Effect   = "Allow"
          Resource = "*"
        },
      ]
    })
  }

As a workaround for now, I've created my own role and added this policy. I then confirmed that delivery status notifications work.
@aldenquimby aldenquimby linked a pull request Sep 20, 2024 that will close this issue
Open
3 tasks
@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label Oct 21, 2024
@aldenquimby
Copy link
Author

Commenting to remove stale label. #237 is still waiting on maintainer review

@github-actions github-actions bot removed the stale label Oct 22, 2024
@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label Nov 21, 2024
@aldenquimby
Copy link
Author

Still valid. Commenting to keep it open

@github-actions github-actions bot removed the stale label Nov 22, 2024
@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label Dec 22, 2024
@aldenquimby
Copy link
Author

aldenquimby commented Dec 22, 2024
edited
Loading

Not stale, still a bug

@github-actions github-actions bot removed the stale label Dec 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Give SNS feedback access to CloudWatch aldenquimby/terraform-aws-notify-slack
1 participant
@aldenquimby