Hi
@RB! One question, I’m using
terraform-aws-cloudwatch-logs to create a log-group for Opensearch (formerly Elasticsearch) and I get this error:
│ Error: ValidationException: The Resource Access Policy specified for the CloudWatch Logs log group home-dev-es-search does not grant sufficient permissions for Amazon OpenSearch Service to create a log stream. Please check the Resource Access Policy.
this is my
tf file
module "home_dev_es_label" {
source = "cloudposse/label/null"
version = "0.25.0"
namespace = "home"
stage = "dev"
name = "es"
}
module "cloudwatch_search_log" {
source = "cloudposse/cloudwatch-logs/aws"
version = "0.5.0"
attributes = ["search"]
additional_permissions = ["logs:*"]
principals = { "Service" : ["<http://es.amazonaws.com|es.amazonaws.com>"] }
context = module.home_dev_es_label.context
}
Could you help me with this error?