From e68d09d72144dc2bc6889b2ef355e46ca64541f9 Mon Sep 17 00:00:00 2001
From: "Engelharts, Martins" <martins.engelharts@contractors.roche.com>
Date: Mon, 4 Nov 2024 15:15:42 +0200
Subject: [PATCH] fix cloudwatch policy for pipes

---
 iam_pipes.tf | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/iam_pipes.tf b/iam_pipes.tf
index 8054ae6..024982d 100644
--- a/iam_pipes.tf
+++ b/iam_pipes.tf
@@ -60,7 +60,16 @@ locals {
           matching_services = ["batch"]
         },
         logs = {
-          values            = [v.target],
+          values = flatten([
+            "${v.target}:*",
+            [
+              for pipe in var.pipes : [
+                for log_config in try([pipe.log_configuration], []) : [
+                  for cloudwatch_log in try([log_config.cloudwatch_logs_log_destination], []) : "${cloudwatch_log.log_group_arn}:*"
+                ]
+              ]
+            ]
+          ]),
           matching_services = ["logs"]
         },
         ecs = {