projects / awsible / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add a basic cw alarm
[awsible] / infrastructure / modules / management-stack / iam.tf
diff --git a/infrastructure/modules/management-stack/iam.tf b/infrastructure/modules/management-stack/iam.tf
index 3f8513448eacfd1bd8e796f55d796b7023dfc803..78783a152464e82df065d7d4381e0daa8a4997ed 100644 (file)
--- a/infrastructure/modules/management-stack/iam.tf
+++ b/infrastructure/modules/management-stack/iam.tf
@@ -23,10 +23,15 @@ data "aws_iam_policy_document" "management" {
                sid = "AWSControl"
                actions = [
                        "autoscaling:*",
+                       "cloudwatch:ListMetrics",
+                       "cloudwatch:GetMetricStatistics",
+                       "cloudwatch:Describe*",
                        "ec2:*",
                        "elasticloadbalancing:*",
                        "iam:PassRole",
-                       "iam:GetServerCertificate"
+                       "iam:GetServerCertificate",
+                       "logs:DescribeLogStreams",
+                       "logs:PutLogEvents",
                ]
                resources = [
                        "*"
AWSible - Autonomous Ansible in AWS