fix: Update CloudWatch log group creation deny policy to use wildcard (#2267)

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2026-01-18 17:47:31 +01:00 · 2022-10-11 15:28:06 -05:00
parent 7f901840c4
commit ac4d549629
2 changed files with 2 additions and 2 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.75.0
+    rev: v1.76.0
    hooks:
      - id: terraform_fmt
      - id: terraform_validate
--- a/main.tf
+++ b/main.tf
@@ -279,7 +279,7 @@ resource "aws_iam_role" "this" {
          {
            Action   = ["logs:CreateLogGroup"]
            Effect   = "Deny"
-            Resource = aws_cloudwatch_log_group.this[0].arn
+            Resource = "*"
          },
        ]
      })