adding log group resource group to demonstrate not leaving behind tes…

…t resources
ministryofjustice · Jan 2, 2024 · c03991e · c03991e
1 parent 05bf9a9
commit c03991e
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/test/unit-test/main.tf b/test/unit-test/main.tf
@@ -64,6 +64,10 @@ resource "aws_cloudwatch_event_target" "instance_scheduler_weekly_start_in_the_m
   )
 }
 
+resource "aws_cloudwatch_log_group" "fake" {
+  name = "Lambda/Fake"
+}
+
 #tfsec:ignore:aws-iam-no-policy-wildcards
 data "aws_iam_policy_document" "instance-scheduler-lambda-function-policy" {
   # checkov:skip=CKV_AWS_107: "Limiting required permissions"
@@ -73,10 +77,11 @@ data "aws_iam_policy_document" "instance-scheduler-lambda-function-policy" {
     actions = [
       "logs:CreateLogGroup"
     ]
-    resources = [
-      # consider log group rename to function name or build log group as a separate resource 
-      format("arn:aws:logs:eu-west-2:%s:aws/lambda/fake", data.aws_caller_identity.current.account_id)
-    ]
+    # resources = [
+    #   # consider log group rename to function name or build log group as a separate resource 
+    #   format("arn:aws:logs:eu-west-2:%s:aws/lambda/fake", data.aws_caller_identity.current.account_id)
+    # ]
+    resources = aws_cloudwatch_log_group.fake.arn
   }
   statement {
     sid    = "AllowLambdaToWriteLogsToGroup"