hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Enhancement]: aws_codeguruprofiler_profiling_group #36235

Open xnick123 opened 4 months ago

xnick123 commented 4 months ago

Description

Hi, aws_codeguruprofiler_profiling_group is great as a new resource introduced in 5.3.0, however:

  1. Agent permissions are missing (= resource-based permissions): The AWS console asks you to configure them before the profiling group can be used (quote: "Choose the role that is used to execute your AWS Lambda function. This is needed to grant permissions to submit profiling data for this profiling group with the CodeGuru Profiler agent").
  2. Notifications: The AWS console says: "Choose SNS topics to notify when Profiler detects anomalies"

It would be great to be able to add a list of Lambda functions and/or users having permissions and an SNS topic for notification.

The implementation in the awscc terraform provider has the agent permissions and notification settings. There is another issue with that resource (not related to this request, hence not going into that detail here).

Affected Resource(s) and/or Data Source(s)

aws_codeguruprofiler_profiling_group

Potential Terraform Configuration

resource "aws_codeguruprofiler_profiling_group" "example" {
  name             = "lambda-profiler"
  compute_platform = "AWSLambda"

  agent_orchestration_config {
    profiling_enabled = true
  }

  agent_permissions = {
    principals = [
      module.lambda_function_one.lambda_execution_role_arn,
      module.lambda_function_two.lambda_execution_role_arn
    ]
  }

  anomaly_detection_notification_configuration = [
    {
      channel_uri = aws_sns_topic.example.arn
    }
  ]
}

References

  1. AWS Resource based policies and awscc agent_permissions
  2. See awscc anomaly_detection_notification_configuration

Would you like to implement a fix?

No
