fix: Added Deny for CreateLogGroup action in EKS cluster role#1594
Merged
antonbabenko merged 3 commits intoNov 2, 2021
Merged
Conversation
4 tasks
|
This PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
navaati
approved these changes
Oct 21, 2021
| actions = [ | ||
| "logs:CreateLogGroup" | ||
| ] | ||
| resources = ["*"] |
There was a problem hiding this comment.
If you have a simple way to do that, you could restrain the policy to just the log group that would be created, to make the change even smaller. Not strictly necessary tho.
Contributor
|
@haarchri please correct tittle of PR to Also seems you using different version of |
haarchri
changed the title
haarchri
force-pushed
the
fix/920-cw-loggroup
branch
from
e93d207 to
aa9aba1
Compare
…ecreate in cleanup/deletion Signed-off-by: haarchri <chhaar30@googlemail.com>
haarchri
force-pushed
the
fix/920-cw-loggroup
branch
from
aa9aba1 to
3cace1f
Compare
Contributor
Author
|
@daroga0002 rebased and changed readme |
daroga0002
approved these changes
Nov 2, 2021
daroga0002
left a comment
daroga0002
left a comment
Contributor
There was a problem hiding this comment.
@haarchri thank your for your contribution 🎉
Contributor
|
@antonbabenko lets merge this (I will let you know when we can make release as I still looking into few other PRs) |
antonbabenko
changed the title
antonbabenko
changed the title
antonbabenko
pushed a commit
that referenced
this pull request
Nov 22, 2021
# [17.24.0](v17.23.0...v17.24.0) (2021-11-22) ### Bug Fixes * Added Deny for CreateLogGroup action in EKS cluster role ([#1594](#1594)) ([6959b9b](6959b9b)) * update CI/CD process to enable auto-release workflow ([#1698](#1698)) ([b876ff9](b876ff9)) ### Features * Add ability to define custom timeout for fargate profiles ([#1614](#1614)) ([b7539dc](b7539dc)) * Removed ng_depends_on variable and related hack ([#1672](#1672)) ([56e93d7](56e93d7))
Member
|
This PR is included in version 17.24.0 🎉 |
astech-mweber3
pushed a commit
to spring-media/terraform-aws-eks
that referenced
this pull request
Dec 1, 2021
astech-mweber3
pushed a commit
to spring-media/terraform-aws-eks
that referenced
this pull request
Dec 1, 2021
# [17.24.0](terraform-aws-modules/terraform-aws-eks@v17.23.0...v17.24.0) (2021-11-22) ### Bug Fixes * Added Deny for CreateLogGroup action in EKS cluster role ([terraform-aws-modules#1594](terraform-aws-modules#1594)) ([6959b9b](terraform-aws-modules@6959b9b)) * update CI/CD process to enable auto-release workflow ([terraform-aws-modules#1698](terraform-aws-modules#1698)) ([b876ff9](terraform-aws-modules@b876ff9)) ### Features * Add ability to define custom timeout for fargate profiles ([terraform-aws-modules#1614](terraform-aws-modules#1614)) ([b7539dc](terraform-aws-modules@b7539dc)) * Removed ng_depends_on variable and related hack ([terraform-aws-modules#1672](terraform-aws-modules#1672)) ([56e93d7](terraform-aws-modules@56e93d7))
bryantbiggs
pushed a commit
to bryantbiggs/terraform-aws-eks
that referenced
this pull request
Dec 13, 2021
# [17.24.0](terraform-aws-modules/terraform-aws-eks@v17.23.0...v17.24.0) (2021-11-22) ### Bug Fixes * Added Deny for CreateLogGroup action in EKS cluster role ([terraform-aws-modules#1594](terraform-aws-modules#1594)) ([6959b9b](terraform-aws-modules@6959b9b)) * update CI/CD process to enable auto-release workflow ([terraform-aws-modules#1698](terraform-aws-modules#1698)) ([b876ff9](terraform-aws-modules@b876ff9)) ### Features * Add ability to define custom timeout for fargate profiles ([terraform-aws-modules#1614](terraform-aws-modules#1614)) ([b7539dc](terraform-aws-modules@b7539dc)) * Removed ng_depends_on variable and related hack ([terraform-aws-modules#1672](terraform-aws-modules#1672)) ([56e93d7](terraform-aws-modules@56e93d7))
bryantbiggs
pushed a commit
to bryantbiggs/terraform-aws-eks
that referenced
this pull request
Dec 13, 2021
# [17.24.0](terraform-aws-modules/terraform-aws-eks@v17.23.0...v17.24.0) (2021-11-22) ### Bug Fixes * Added Deny for CreateLogGroup action in EKS cluster role ([terraform-aws-modules#1594](terraform-aws-modules#1594)) ([6959b9b](terraform-aws-modules@6959b9b)) * update CI/CD process to enable auto-release workflow ([terraform-aws-modules#1698](terraform-aws-modules#1698)) ([b876ff9](terraform-aws-modules@b876ff9)) ### Features * Add ability to define custom timeout for fargate profiles ([terraform-aws-modules#1614](terraform-aws-modules#1614)) ([b7539dc](terraform-aws-modules@b7539dc)) * Removed ng_depends_on variable and related hack ([terraform-aws-modules#1672](terraform-aws-modules#1672)) ([56e93d7](terraform-aws-modules@56e93d7))
|
To anyone landing on this confused like I was about whether this breaks compatibility with Fluent Bit: the IAM role you want to attach the CloudWatch policy to is the node role, not the cluster role. |
3 tasks
baibailiha
added a commit
to baibailiha/terraform-aws-eks
that referenced
this pull request
Sep 13, 2022
# [17.24.0](terraform-aws-modules/terraform-aws-eks@v17.23.0...v17.24.0) (2021-11-22) ### Bug Fixes * Added Deny for CreateLogGroup action in EKS cluster role ([#1594](terraform-aws-modules/terraform-aws-eks#1594)) ([d240238](terraform-aws-modules/terraform-aws-eks@d240238)) * update CI/CD process to enable auto-release workflow ([#1698](terraform-aws-modules/terraform-aws-eks#1698)) ([cd93161](terraform-aws-modules/terraform-aws-eks@cd93161)) ### Features * Add ability to define custom timeout for fargate profiles ([#1614](terraform-aws-modules/terraform-aws-eks#1614)) ([43b675b](terraform-aws-modules/terraform-aws-eks@43b675b)) * Removed ng_depends_on variable and related hack ([#1672](terraform-aws-modules/terraform-aws-eks#1672)) ([e610b83](terraform-aws-modules/terraform-aws-eks@e610b83))
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Christopher Haar chhaar30@googlemail.com
PR o'clock
Description
cloudwatch log group now gets auto destroyed with new iam policy deny for create log group in eks cluster role
Fixes: #920
Checklist