From ac4d549629aa64bbd92f80486bef904a9098e0fa Mon Sep 17 00:00:00 2001
From: Zvika Nadav <zvi8875@gmail.com>
Date: Tue, 11 Oct 2022 15:28:06 -0500
Subject: [PATCH] fix: Update CloudWatch log group creation deny policy to use
 wildcard (#2267)

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
---
 .pre-commit-config.yaml | 2 +-
 main.tf                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6a8a23a..74f3751 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.75.0
+    rev: v1.76.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
diff --git a/main.tf b/main.tf
index 011a26c..6de17d5 100644
--- a/main.tf
+++ b/main.tf
@@ -279,7 +279,7 @@ resource "aws_iam_role" "this" {
           {
             Action   = ["logs:CreateLogGroup"]
             Effect   = "Deny"
-            Resource = aws_cloudwatch_log_group.this[0].arn
+            Resource = "*"
           },
         ]
       })