Merge pull request #66 from DNXLabs/fix/remove-cw-ecs-policu

Add cw events log policy for all services on cluster

Author: lucasmacedot

_data.tf

@@ -1,4 +1,7 @@
 data "aws_region" "current" {}
+
+data "aws_partition" "current" {}
+
 data "aws_ami" "amzn" {
   most_recent = true
   owners      = ["amazon"]

cloudwatch-events-policy.tf

@@ -0,0 +1,21 @@
+data "aws_iam_policy_document" "ecs_events" {
+  statement {
+    actions = [
+      "logs:CreateLogStream",
+      "logs:PutLogEvents",
+      "logs:PutLogEventsBatch",
+    ]
+
+    resources = ["arn:aws:logs:${data.aws_region.current.name}:${data.aws_partition.current.partition}:log-group:/ecs/events/${var.name}/*"]
+
+    principals {
+      identifiers = ["events.amazonaws.com", "delivery.logs.amazonaws.com"]
+      type        = "Service"
+    }
+  }
+}
+
+resource "aws_cloudwatch_log_resource_policy" "ecs_events" {
+  policy_document = data.aws_iam_policy_document.ecs_events[0].json
+  policy_name     = "capture-ecs-events-${var.name}"
+}