diff --git a/modules/logging_configuration/local.tf b/modules/logging_configuration/local.tf
index f9915e3..5752185 100644
--- a/modules/logging_configuration/local.tf
+++ b/modules/logging_configuration/local.tf
@@ -1,6 +1,6 @@
 # tflint-ignore: terraform_unused_declarations
 locals {
 cloudwatch_log_group_name = var.enable_logging ? (var.override_cloudwatch_log_group_name != "" ? var.override_cloudwatch_log_group_name : aws_cloudwatch_log_group.cloudwatch_log_group[0].arn) : ""
- account_id = data.aws_caller_identity.current.account_id
- aws_region = data.aws_region.current.name
+ account_id = data.aws_caller_identity.current.account_id
+ aws_region = data.aws_region.current.name
 }
diff --git a/modules/logging_configuration/main.tf b/modules/logging_configuration/main.tf
index 3fa7c39..05f54a0 100644
--- a/modules/logging_configuration/main.tf
+++ b/modules/logging_configuration/main.tf
@@ -28,6 +28,7 @@ resource "aws_verifiedaccess_instance_logging_configuration" "this" {
 }
+#checkov:skip=CKV_AWS_338:Ensure CloudWatch log groups retains logs for at least 1 year
 resource "aws_cloudwatch_log_group" "cloudwatch_log_group" {
 count = var.create_cloudwatch_log_group && var.enable_logging ? 1 : 0
 name = var.cloudwatch_log_group_name
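Review bot: In main.tf the added `#checkov:skip=CKV_AWS_338` comment sits on the line above `resource "aws_cloudwatch_log_group" "cloudwatch_log_group" {`, but Checkov applies an inline skip only when the comment is inside the block it targets, so as placed it probably suppresses nothing. Move it to the first line of the resource body, just before `count = ...`. The suppression text only repeats the check's title; because this group appears to be the destination for the Verified Access logs, it should give the reason a shorter retention is acceptable, for example `# checkov:skip=CKV_AWS_338: retention is caller-configurable via <retention variable>` (placeholder name). The rest of the resource, including any `retention_in_days` setting, is outside the hunk, so whether a retention period is set at all cannot be confirmed from here.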