fix(CI): grant GHA access to create loggroup

meysam81 · meysam81 · commit 6a804526ddc4 · 2024-08-26T22:03:05.000+07:00
diff --git a/infra/aws-github-oidc/main.tf b/infra/aws-github-oidc/main.tf
@@ -28,12 +28,13 @@ data "aws_iam_policy_document" "assume_role" {
   }
 }
 
-data "aws_iam_policy_document" "lambda_policy" {
+data "aws_iam_policy_document" "iam_policy" {
   statement {
     actions = [
       "lambda:PublishLayerVersion",
       "lambda:UpdateFunctionCode",
       "lambda:UpdateFunctionConfiguration",
+      "logs:CreateLogGroup",
     ]
     effect    = "Allow"
     resources = ["*"]
@@ -53,7 +54,7 @@ resource "aws_iam_role" "this" {
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
 
   inline_policy {
-    name   = "lambda_policy"
-    policy = data.aws_iam_policy_document.lambda_policy.json
+    name   = "iam-policy"
+    policy = data.aws_iam_policy_document.iam_policy.json
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -28,12 +28,13 @@ data "aws_iam_policy_document" "assume_role" {`
`28`	`28`	`}`
`29`	`29`	`}`
`30`	`30`
`31`		`-data "aws_iam_policy_document" "lambda_policy" {`
	`31`	`+data "aws_iam_policy_document" "iam_policy" {`
`32`	`32`	`statement {`
`33`	`33`	`actions = [`
`34`	`34`	`"lambda:PublishLayerVersion",`
`35`	`35`	`"lambda:UpdateFunctionCode",`
`36`	`36`	`"lambda:UpdateFunctionConfiguration",`
	`37`	`+ "logs:CreateLogGroup",`
`37`	`38`	`]`
`38`	`39`	`effect = "Allow"`
`39`	`40`	`resources = ["*"]`
`@@ -53,7 +54,7 @@ resource "aws_iam_role" "this" {`
`53`	`54`	`assume_role_policy = data.aws_iam_policy_document.assume_role.json`
`54`	`55`
`55`	`56`	`inline_policy {`
`56`		`- name = "lambda_policy"`
`57`		`- policy = data.aws_iam_policy_document.lambda_policy.json`
	`57`	`+ name = "iam-policy"`
	`58`	`+ policy = data.aws_iam_policy_document.iam_policy.json`
`58`	`59`	`}`
`59`	`60`	`}`