mackerelio-labs / mackerel-monitoring-modules

Reusable IaC modules for monitoring systems/services on Mackerel
Apache License 2.0

[cloudwatch-logs-aggregator] replace deprecated inline_policy block of aws_iam_role resource #29

Closed Arthur1 closed 1 month ago

Arthur1 commented 1 month ago

Issue

Description

I replaced the inline_policy block of the aws_iam_role resource, which is deprecated as of terraform-provider-aws v5.68.0, with an aws_iam_role_policy resource.

Another candidate for the replacement was aws_iam_role_policies_exclusive, but I did not choose it. This resource is not provided in terraform-provider-aws prior to v5.68.0. I think that exclusive inline-policy management is not particularly necessary in our case. If we used aws_iam_role_policies_exclusive, users would have to bump their terraform-provider-aws to the latest version.

Test

 module "cw_logs_aggregator_lambda" {
-  source = "github.com/mackerelio-labs/mackerel-monitoring-modules//cloudwatch-logs-aggregator/lambda?ref=v0.3.0"
+  source = "github.com/mackerelio-labs/mackerel-monitoring-modules//cloudwatch-logs-aggregator/lambda?ref=7ef608"

   ...
 }
$ terraform plan
...
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # module.sendgrid_webhook_logs_aggregator.module.cw_logs_aggregator_lambda.aws_iam_role_policy.this will be created
  + resource "aws_iam_role_policy" "this" {
      + id          = (known after apply)
      + name        = "cloudwatch-logs-aggregator-lambda"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = "ssm:GetParameter"
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                  + {
                      + Action   = [
                          + "logs:StopQuery",
                          + "logs:StartQuery",
                          + "logs:GetQueryResults",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = "sendgrid-webhook-logs-aggregator-lambda"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
...