Skip to content

Commit 435f749

Browse files
authored
fixes issue with CloudWatch Logs custom log KMS permissions (#1293)
* update role permissions * update * Update * pin docker image
1 parent c0dc2dd commit 435f749

File tree

2 files changed

+8
-1
lines changed

2 files changed

+8
-1
lines changed

src/deployments/cdk/src/deployments/iam/log-group-role.ts

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,5 +51,12 @@ async function createRole(stack: AccountStack) {
5151
resources: ['*'],
5252
}),
5353
);
54+
55+
role.addToPrincipalPolicy(
56+
new iam.PolicyStatement({
57+
actions: ['kms:Encrypt', 'kms:Decrypt', 'kms:GenerateDataKey'],
58+
resources: ['*'],
59+
}),
60+
);
5461
return role;
5562
}

src/lib/cdk-accelerator/src/codebuild/cdk-deploy-project.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -146,7 +146,7 @@ export class PrebuiltCdkDeployProject extends CdkDeployProjectBase {
146146
fs.writeFileSync(
147147
path.join(this.projectTmpDir, 'Dockerfile'),
148148
[
149-
'FROM public.ecr.aws/bitnami/node:22',
149+
'FROM public.ecr.aws/bitnami/node:22.13.0',
150150
// Install the package manager
151151
...installPackageManagerCommands(props.packageManager).map(cmd => `RUN ${cmd}`),
152152
`WORKDIR ${appDir}`,

0 commit comments

Comments
 (0)