From 8328345a8bf5c73dfc49600cb5c19d24c7d965b9 Mon Sep 17 00:00:00 2001
From: keyolk <keyolk@gmail.com>
Date: Thu, 16 Nov 2023 10:12:40 +0900
Subject: [PATCH] lambda-promtail: fix IAM policy for clouddwatch log stream
 (#10909)

---
 tools/lambda-promtail/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/lambda-promtail/main.tf b/tools/lambda-promtail/main.tf
index 1b91fdc797c1..37f7e9ede7d0 100644
--- a/tools/lambda-promtail/main.tf
+++ b/tools/lambda-promtail/main.tf
@@ -64,7 +64,7 @@ data "aws_iam_policy_document" "lambda_cloudwatch" {
       "logs:PutLogEvents",
     ]
     resources = [
-      aws_cloudwatch_log_group.this.arn,
+      format("%s:*", aws_cloudwatch_log_group.this.arn),
     ]
   }
 }
@@ -286,4 +286,4 @@ resource "aws_lambda_event_source_mapping" "this" {
   event_source_arn  = each.value.arn
   function_name     = aws_lambda_function.this.arn
   starting_position = "LATEST"
-}
\ No newline at end of file
+}