From 11c7ad4fb2419bbdec35a4e0f94fea29f28299d1 Mon Sep 17 00:00:00 2001
From: Seun0925 <ssoyinka@MacBook-Pro-2.local>
Date: Wed, 22 Jan 2025 16:21:46 -0600
Subject: [PATCH 1/2] fix(cloudwatch-role): allow log group creation for
 firehose role

---
 lib/local-constructs/cloudwatch-to-s3/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/local-constructs/cloudwatch-to-s3/index.ts b/lib/local-constructs/cloudwatch-to-s3/index.ts
index a66fcf02f1..0d7aae9408 100644
--- a/lib/local-constructs/cloudwatch-to-s3/index.ts
+++ b/lib/local-constructs/cloudwatch-to-s3/index.ts
@@ -35,7 +35,7 @@ export class CloudWatchToS3 extends Construct {
 
     firehoseRole.addToPolicy(
       new PolicyStatement({
-        actions: ["logs:PutLogEvents"],
+        actions: ["logs:PutLogEvents", "logs:CreateLogGroup"],
         resources: [
           `arn:aws:logs:${cdk.Stack.of(this).region}:${
             cdk.Stack.of(this).account

From d7dd87289d250d4bc17895c744b134cc8d0f4fef Mon Sep 17 00:00:00 2001
From: Seun0925 <ssoyinka@MacBook-Pro-2.local>
Date: Thu, 23 Jan 2025 11:24:21 -0600
Subject: [PATCH 2/2] fix(cloudwatch-role): updated test

---
 lib/local-constructs/cloudwatch-to-s3/index.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/local-constructs/cloudwatch-to-s3/index.test.ts b/lib/local-constructs/cloudwatch-to-s3/index.test.ts
index 256f0244b8..0732ff101b 100644
--- a/lib/local-constructs/cloudwatch-to-s3/index.test.ts
+++ b/lib/local-constructs/cloudwatch-to-s3/index.test.ts
@@ -48,7 +48,7 @@ describe("CloudWatchToS3", () => {
           resources: [`${bucket.bucketArn}/*`],
         }),
         expect.objectContaining({
-          actions: ["logs:PutLogEvents"],
+          actions: ["logs:PutLogEvents", "logs:CreateLogGroup"],
           resources: [
             `arn:aws:logs:${cdk.Stack.of(cloudWatchToS3).region}:${
               cdk.Stack.of(cloudWatchToS3).account