From 7e7a9cbf3505f15fa22793a868eae1596b5fff10 Mon Sep 17 00:00:00 2001
From: Tom McLaughlin
Date: Wed, 23 Oct 2024 21:01:32 -0400
Subject: [PATCH] trigger policy recreate to undo possible changes I made manually and missed resetting
---
 stacksets/datadog-shipping/logs-template.yaml | 5 ++---
 stacksets/logging/template.yaml | 19 ++++++++++++++++++-
 2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/stacksets/datadog-shipping/logs-template.yaml b/stacksets/datadog-shipping/logs-template.yaml
index 808f901..81d70d1 100644
--- a/stacksets/datadog-shipping/logs-template.yaml
+++ b/stacksets/datadog-shipping/logs-template.yaml
@@ -60,7 +60,7 @@ Resources:
 CloudWatchLogsPolicy:
 Type: AWS::IAM::Policy
 Properties:
- PolicyName: !Sub "${AWS::StackName}-datadog-cloudwatch-logs-policy"
+ PolicyName: datadog-cloudwatch-logs-policy
 PolicyDocument:
 Version: '2012-10-17'
 Statement:
@@ -68,7 +68,6 @@ Resources:
 Action:
 - firehose:PutRecord
 - firehose:PutRecordBatch
- - kinesis:PutRecord
 Resource: !GetAtt DatadogDeliveryStream.Arn
 - Effect: Allow
 Action:
@@ -95,7 +94,7 @@ Resources:
 FirehoseLogsPolicy:
 Type: AWS::IAM::Policy
 Properties:
- PolicyName: !Sub "${AWS::StackName}-datadog-firehose-delivery-policy"
+ PolicyName: datadog-firehose-delivery-policy
 PolicyDocument:
 Version: '2012-10-17'
 Statement:
diff --git a/stacksets/logging/template.yaml b/stacksets/logging/template.yaml
index ecc5445..3c1ed10 100644
--- a/stacksets/logging/template.yaml
+++ b/stacksets/logging/template.yaml
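Review bot: Nothing in the template records why the two `PolicyName` values lost their `${AWS::StackName}` prefix (CloudWatchLogsPolicy in the first hunk, FirehoseLogsPolicy in the third); only the commit message says the rename exists to force a recreate and discard manual edits. A comment above each, for example `# Fixed name: renamed to force a recreate after manual edits`, would keep a later reader from renaming them back. Inline policy names are unique only per role, so the fixed names are safe as long as no other template attaches a policy of the same name to the same roles. The `Roles` lists and the rest of both resources are outside these hunks, so that is worth confirming before this goes to every StackSet instance.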
@@ -39,4 +39,21 @@ Resources:
 Properties:
 PolicyName: Datadog-Logs-Firehose
 PolicyDocument: !Sub '{ "RoleArn": "${CloudWatchLogsRole.Arn}", "DestinationArn": "${DestinationArn}", "FilterPattern": ""}'
- PolicyType: "SUBSCRIPTION_FILTER_POLICY"
\ No newline at end of file
+ PolicyType: "SUBSCRIPTION_FILTER_POLICY"
+
+
+
+
+
+
+
+
+aws logs put-account-policy \
+ --policy-name Datadog-Logs-Firehose \
+ --policy-type SUBSCRIPTION_FILTER_POLICY \
+ --policy-document '
+ {
+ "RoleArn": "arn:aws:iam::349603509961:role/aws-observability-infra-main-man-CloudWatchLogsRole-aMVAsMuK7nWL",
+ "DestinationArn": "arn:aws:firehose:us-east-1:156041432316:deliverystream/DATADOG-LOGS",
+ "FilterPattern": "{$.userIdentity.type = AssumedRole}"
+ }'
\ No newline at end of file
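Review bot: The lines added after `PolicyType` are a shell command (`aws logs put-account-policy \` onward) pasted at column 0 of a CloudFormation template; that text is not part of the YAML mapping, so the template will most likely fail to parse on the next StackSet update. It also commits two literal account IDs and a generated role name, and its `FilterPattern` (`{$.userIdentity.type = AssumedRole}`) differs from the empty pattern the template sets, which makes it read like a record of the manual change rather than intended configuration. I would delete everything after the `PolicyType` line and end the file with a newline; if the command is worth keeping, move it to a runbook with placeholders such as `<ACCOUNT_ID>` and `<ROLE_ARN>`. The resource's header is outside the hunk. With the empty `FilterPattern` the policy presumably matches every log event, so it is also worth confirming there that the delivery stream's own log groups are excluded from forwarding.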