From 066c90028ff5ccdb67b79f437bf1868904f630e2 Mon Sep 17 00:00:00 2001
From: Geoff Singer
Date: Tue, 31 Aug 2021 09:05:16 -0500
Subject: [PATCH] Update: IAM role
---
 terraform-kickstarter/main.tf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/terraform-kickstarter/main.tf b/terraform-kickstarter/main.tf
index ac45d538..206172ad 100644
--- a/terraform-kickstarter/main.tf
+++ b/terraform-kickstarter/main.tf
@@ -267,7 +267,8 @@ output "account_id" {
 value = data.aws_caller_identity.current.account_id
 }
 resource "aws_iam_role" "prowler_kick_start_role" {
- name = "security_baseline_kickstarter_iam_role"
+ depends_on = [aws.iam.policy.prowler_kickstarter_iam_policy]
+ name = "security_baseline_kickstarter_iam_role"
 managed_policy_arns = ["${data.aws_iam_policy.SecurityAudit.arn}",
 "arn:aws:iam::aws:policy/job-function/SupportUser",
 "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"]
@@ -335,7 +336,7 @@ resource "aws_iam_policy" "prowler_kickstarter_iam_policy" {
 "logs:PutLogEvents"
 ],
 Effect = "Allow"
- Resource = "arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log_group:*:log_stream:*"
+ Resource = "arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log-group:*"
 },
 {
 Action = [
@@ -343,7 +344,7 @@ resource "aws_iam_policy" "prowler_kickstarter_iam_policy" {
 "logs:CreateLogGroup"
 ],
 Effect = "Allow"
- Resource = "arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log_group:*"
+ Resource = "arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log-group:*"
 },
 {
 Action = ["sts:AssumeRole"],
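Review bot: The added `depends_on = [aws.iam.policy.prowler_kickstarter_iam_policy]` in `aws_iam_role.prowler_kick_start_role` does not address the policy resource. The later hunk headers show it declared as `resource "aws_iam_policy" "prowler_kickstarter_iam_policy"`, so the reference needs underscores: `depends_on = [aws_iam_policy.prowler_kickstarter_iam_policy]`. As written, Terraform will most likely read `aws.iam` as a resource of type `aws` named `iam` and fail validation with an undeclared-resource error. The `managed_policy_arns` list visible here holds only AWS-managed policies, and how the custom policy is attached is outside the hunk. If it belongs on this role, adding `aws_iam_policy.prowler_kickstarter_iam_policy.arn` to that list would create the dependency implicitly and make `depends_on` unnecessary.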
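Review bot: The corrected `Resource` on the statement containing `logs:PutLogEvents` now matches every log group and stream in every region of the account, so the role can write events into log groups it does not own, including ones other tooling treats as an audit record. Scoping it to the group the scan writes to keeps the ARN fix while restoring least privilege, e.g. `Resource = "arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log-group:<PROWLER_LOG_GROUP_PREFIX>*"` (placeholder; the group name is not visible in this patch). The same applies to the `logs:CreateLogGroup` statement in the next hunk, which now has an identical `Effect` and `Resource` and could be merged into this statement. Both statements begin outside their hunks, so their full action lists are not visible here.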