lines changed Expand file tree Collapse file tree 3 files changed +38
-0
lines changed Original file line number Diff line number Diff line change @@ -18,3 +18,14 @@ resource "aws_cloudwatch_log_group" "runners" {
1818 retention_in_days = var. logging_retention_in_days
1919 tags = local. tags
2020}
21+
22+ resource "aws_iam_role_policy" "cloudwatch" {
23+ count = var. enable_ssm_on_runners ? 1 : 0
24+ name = " CloudWatchLogginAndMetrics"
25+ role = aws_iam_role. runner . name
26+ policy = templatefile (" ${ path . module } /policies/instance-cloudwatch-policy.json" ,
27+ {
28+ ssm_parameter_arn = aws_ssm_parameter.cloudwatch_agent_config_runner[0 ].arn
29+ }
30+ )
31+ }
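Review bot: The new `aws_iam_role_policy.cloudwatch` takes its `count` from `var.enable_ssm_on_runners`, yet its body indexes `aws_ssm_parameter.cloudwatch_agent_config_runner[0]`, whose own `count` condition is not visible in this hunk. If that parameter is gated by a different variable, any configuration where the two disagree fails at plan time with an invalid index, and it also means the logging and metrics permissions are only attached when SSM is enabled. Driving both resources from the same condition would keep them in step. The policy name also reads `CloudWatchLogginAndMetrics`; correcting it to `CloudWatchLoggingAndMetrics` now avoids a later rename, which would replace the inline policy on every existing role.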
Original file line number Diff line number Diff line change @@ -45,3 +45,5 @@ resource "aws_iam_role_policy_attachment" "managed_policies" {
4545 role = aws_iam_role. runner . name
4646 policy_arn = element (var. runner_iam_role_managed_policy_arns , count. index )
4747}
48+
49+ // see also logging.tf for logging and metrics policies
Original file line number Diff line number Diff line change 1+ {
2+ "Version" : " 2012-10-17" ,
3+ "Statement" : [
4+ {
5+ "Effect" : " Allow" ,
6+ "Action" : [
7+ " cloudwatch:PutMetricData" ,
8+ " ec2:DescribeVolumes" ,
9+ " ec2:DescribeTags" ,
10+ " logs:PutLogEvents" ,
11+ " logs:DescribeLogStreams" ,
12+ " logs:DescribeLogGroups" ,
13+ " logs:CreateLogStream"
14+ ],
15+ "Resource" : " *"
16+ },
17+ {
18+ "Effect" : " Allow" ,
19+ "Action" : [
20+ " ssm:GetParameter"
21+ ],
22+ "Resource" : " ${ssm_parameter_arn}/*"
23+ }
24+ ]
25+ }
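Review bot: The first statement's `"Resource": "*"` lets every runner instance create streams and put events in any log group in the account, not only the runners' own. Since runners execute workflow code, that is enough to pollute or flood unrelated application and audit log groups. `logs:CreateLogStream` and `logs:PutLogEvents` accept log-group ARNs, so they could move to a separate statement scoped to the runner log groups passed in through `templatefile`, leaving the `ec2:Describe*` calls and `cloudwatch:PutMetricData` on `*` (the latter can be narrowed with a `cloudwatch:namespace` condition). Separately, `"${ssm_parameter_arn}/*"` matches only parameter names below that ARN and not the parameter itself; if the agent reads its config from the parameter at that ARN, the resource should be `"${ssm_parameter_arn}"`.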