BucketARN instead of FolderARN (#37)

lorenzo-merici · web-flow · commit 280abc76ede9 · 2025-02-21T10:04:08.000+01:00
diff --git a/modules/integrations/cloud-logs/main.tf b/modules/integrations/cloud-logs/main.tf
@@ -39,7 +39,6 @@ data "sysdig_secure_cloud_ingestion_assets" "assets" {
 locals {
   account_id_hash  = substr(md5(data.aws_caller_identity.current.account_id), 0, 4)
   role_name        = "${var.name}-${random_id.suffix.hex}-${local.account_id_hash}"
-  bucket_arn       = regex("^([^/]+)", var.folder_arn)[0]
   trusted_identity = var.is_gov_cloud_onboarding ? data.sysdig_secure_trusted_cloud_identity.trusted_identity.gov_identity : data.sysdig_secure_trusted_cloud_identity.trusted_identity.identity
 
   topic_name = split(":", var.topic_arn)[5]
@@ -101,8 +100,8 @@ data "aws_iam_policy_document" "cloudlogs_s3_access" {
     ]
 
     resources = [
-      local.bucket_arn,
-      "${local.bucket_arn}/*"
+      var.bucket_arn,
+      "${var.bucket_arn}/*"
     ]
   }
 
@@ -116,8 +115,8 @@ data "aws_iam_policy_document" "cloudlogs_s3_access" {
     ]
 
     resources = [
-      local.bucket_arn,
-      "${local.bucket_arn}/*"
+      var.bucket_arn,
+      "${var.bucket_arn}/*"
     ]
   }
 }
@@ -171,7 +170,7 @@ resource "sysdig_secure_cloud_auth_account_component" "aws_cloud_logs" {
       cloudtrailSns = {
         role_name        = local.role_name
         topic_arn        = var.topic_arn
-        bucket_arn       = local.bucket_arn
+        bucket_arn       = var.bucket_arn
         ingested_regions = var.regions
         routing_key      = local.routing_key
       }
diff --git a/modules/integrations/cloud-logs/variables.tf b/modules/integrations/cloud-logs/variables.tf
@@ -3,8 +3,8 @@ variable "sysdig_secure_account_id" {
   description = "ID of the Sysdig Cloud Account to enable Cloud Logs integration for (in case of organization, ID of the Sysdig management account)"
 }
 
-variable "folder_arn" {
-  description = "(Required) The ARN of your CloudTrail Bucket Folder"
+variable "bucket_arn" {
+  description = "(Required) The ARN of your CloudTrail Bucket"
   type        = string
 }
 

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,6 @@ data "sysdig_secure_cloud_ingestion_assets" "assets" {`
`39`	`39`	`locals {`
`40`	`40`	`account_id_hash = substr(md5(data.aws_caller_identity.current.account_id), 0, 4)`
`41`	`41`	`role_name = "${var.name}-${random_id.suffix.hex}-${local.account_id_hash}"`
`42`		`- bucket_arn = regex("^([^/]+)", var.folder_arn)[0]`
`43`	`42`	`trusted_identity = var.is_gov_cloud_onboarding ? data.sysdig_secure_trusted_cloud_identity.trusted_identity.gov_identity : data.sysdig_secure_trusted_cloud_identity.trusted_identity.identity`
`44`	`43`
`45`	`44`	`topic_name = split(":", var.topic_arn)[5]`
`@@ -101,8 +100,8 @@ data "aws_iam_policy_document" "cloudlogs_s3_access" {`
`101`	`100`	`]`
`102`	`101`
`103`	`102`	`resources = [`
`104`		`- local.bucket_arn,`
`105`		`- "${local.bucket_arn}/*"`
	`103`	`+ var.bucket_arn,`
	`104`	`+ "${var.bucket_arn}/*"`
`106`	`105`	`]`
`107`	`106`	`}`
`108`	`107`
`@@ -116,8 +115,8 @@ data "aws_iam_policy_document" "cloudlogs_s3_access" {`
`116`	`115`	`]`
`117`	`116`
`118`	`117`	`resources = [`
`119`		`- local.bucket_arn,`
`120`		`- "${local.bucket_arn}/*"`
	`118`	`+ var.bucket_arn,`
	`119`	`+ "${var.bucket_arn}/*"`
`121`	`120`	`]`
`122`	`121`	`}`
`123`	`122`	`}`
`@@ -171,7 +170,7 @@ resource "sysdig_secure_cloud_auth_account_component" "aws_cloud_logs" {`
`171`	`170`	`cloudtrailSns = {`
`172`	`171`	`role_name = local.role_name`
`173`	`172`	`topic_arn = var.topic_arn`
`174`		`- bucket_arn = local.bucket_arn`
	`173`	`+ bucket_arn = var.bucket_arn`
`175`	`174`	`ingested_regions = var.regions`
`176`	`175`	`routing_key = local.routing_key`
`177`	`176`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,8 +3,8 @@ variable "sysdig_secure_account_id" {`
`3`	`3`	`description = "ID of the Sysdig Cloud Account to enable Cloud Logs integration for (in case of organization, ID of the Sysdig management account)"`
`4`	`4`	`}`
`5`	`5`
`6`		`-variable "folder_arn" {`
`7`		`- description = "(Required) The ARN of your CloudTrail Bucket Folder"`
	`6`	`+variable "bucket_arn" {`
	`7`	`+ description = "(Required) The ARN of your CloudTrail Bucket"`
`8`	`8`	`type = string`
`9`	`9`	`}`
`10`	`10`