fix: Update CloudWatch log group creation deny policy to use wildcard (#2267)

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2026-03-29 13:41:47 +02:00 · 2022-10-11 15:28:06 -05:00
parent 7f901840c4
commit ac4d549629
2 changed files with 2 additions and 2 deletions
--- a/main.tf
+++ b/main.tf
@@ -279,7 +279,7 @@ resource "aws_iam_role" "this" {
          {
            Action   = ["logs:CreateLogGroup"]
            Effect   = "Deny"
-            Resource = aws_cloudwatch_log_group.this[0].arn
+            Resource = "*"
          },
        ]
      })