trigger policy recreate to undo possible changes I made manually and …

…missed resetting
ServerlessOpsIO · Oct 24, 2024 · 7e7a9cb · 7e7a9cb
1 parent e344e53
commit 7e7a9cb
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/stacksets/datadog-shipping/logs-template.yaml b/stacksets/datadog-shipping/logs-template.yaml
@@ -60,15 +60,14 @@ Resources:
   CloudWatchLogsPolicy:
     Type: AWS::IAM::Policy
     Properties:
-      PolicyName: !Sub "${AWS::StackName}-datadog-cloudwatch-logs-policy"
+      PolicyName: datadog-cloudwatch-logs-policy
       PolicyDocument:
         Version: '2012-10-17'
         Statement:
           - Effect: Allow
             Action:
               - firehose:PutRecord
               - firehose:PutRecordBatch
-              - kinesis:PutRecord
             Resource: !GetAtt DatadogDeliveryStream.Arn
           - Effect: Allow
             Action:
@@ -95,7 +94,7 @@ Resources:
   FirehoseLogsPolicy:
     Type: AWS::IAM::Policy
     Properties:
-      PolicyName: !Sub "${AWS::StackName}-datadog-firehose-delivery-policy"
+      PolicyName: datadog-firehose-delivery-policy
       PolicyDocument:
         Version: '2012-10-17'
         Statement:

diff --git a/stacksets/logging/template.yaml b/stacksets/logging/template.yaml
@@ -39,4 +39,21 @@ Resources:
     Properties:
       PolicyName: Datadog-Logs-Firehose
       PolicyDocument: !Sub '{ "RoleArn": "${CloudWatchLogsRole.Arn}", "DestinationArn": "${DestinationArn}", "FilterPattern": ""}'
-      PolicyType: "SUBSCRIPTION_FILTER_POLICY"
+      PolicyType: "SUBSCRIPTION_FILTER_POLICY"
+
+
+
+
+
+
+
+
+aws logs put-account-policy \
+  --policy-name Datadog-Logs-Firehose \
+  --policy-type SUBSCRIPTION_FILTER_POLICY \
+  --policy-document '
+    {
+      "RoleArn": "arn:aws:iam::349603509961:role/aws-observability-infra-main-man-CloudWatchLogsRole-aMVAsMuK7nWL",
+      "DestinationArn": "arn:aws:firehose:us-east-1:156041432316:deliverystream/DATADOG-LOGS",
+      "FilterPattern": "{$.userIdentity.type = AssumedRole}"
+     }'