fix: prevent AWS Config to fire alarms (nozaq#139)

nozaq · web-flow · commit 3d57fcca5e74 · 2020-10-03T20:35:24.000+09:00
diff --git a/config_baselines.tf b/config_baselines.tf
@@ -48,7 +48,7 @@ data "aws_iam_policy_document" "recorder_publish_policy" {
   }
 
   statement {
-    actions   = ["s3:PutObject"]
+    actions   = ["s3:PutObject", "s3:PutObjectACl"]
     resources = ["${local.audit_log_bucket_arn}/config/AWSLogs/${var.aws_account_id}/*"]
 
     condition {

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ data "aws_iam_policy_document" "recorder_publish_policy" {`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`statement {`
`51`		`- actions = ["s3:PutObject"]`
	`51`	`+ actions = ["s3:PutObject", "s3:PutObjectACl"]`
`52`	`52`	`resources = ["${local.audit_log_bucket_arn}/config/AWSLogs/${var.aws_account_id}/*"]`
`53`	`53`
`54`	`54`	`condition {`