hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Check the log group ARN: CloudTrail can't validate it. #18038

Open manojchandrabss opened 3 years ago

manojchandrabss commented 3 years ago

Hi,

I'm getting an InvalidCloudWatchLogsLogGroupArnException error. I'm not sure why it is failing. Everything looks good. Please help me to resolve this issue.

Terraform v0.12.23

Error: Error updating CloudTrail: InvalidCloudWatchLogsLogGroupArnException: Check the log group ARN: CloudTrail can't validate it.

  on cloudtrail.tf line 1, in resource "aws_cloudtrail" "new_account_cloudtrail":
   1: resource "aws_cloudtrail" "new_account_cloudtrail" {

ljluestc commented 10 months ago

resource "aws_cloudtrail" "new_account_cloudtrail" {
  name                          = "NewAccountCloudtrail"
  s3_bucket_name                = aws_s3_bucket.bucket_lambda_log.id
  s3_key_prefix                 = "cloudtrail"
  include_global_service_events = false

  depends_on = [
    aws_s3_bucket_policy.force_ssl_only_access_lambda_log,
    aws_iam_role.role_new_accounts_cloudwatch,
    aws_cloudwatch_log_group.new_accounts_log_group
  ]
  cloud_watch_logs_role_arn  = aws_iam_role.role_new_accounts_cloudwatch.arn
  cloud_watch_logs_group_arn = aws_cloudwatch_log_group.new_accounts_log_group.arn

  provider = aws.region

  tags       = var.platform_mandatory_tags
  kms_key_id = aws_kms_key.new_account_key.arn

  event_selector {
    read_write_type           = "All"
    include_management_events = false

    data_resource {
      type   = "AWS::Lambda::Function"
      values = [aws_lambda_function.new_accounts_function.arn]
    }
  }
}