IAM policy should include CloudWatchLogGroupNamePrefix variable

[timtron2]

ssm_documents/documents/AWSSupport-SetupIPMonitoringFromVPC

Line 216 in bbde08c

"PolicyDocument": "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": [ \"logs:PutMetricFilter\", \"logs:PutRetentionPolicy\" ], \"Resource\": \"arn:aws:logs:{{ global:REGION }}:{{ global:ACCOUNT_ID }}:log-group:/AWSSupport-SetupIPMonitoringFromVPC/*\" }, { \"Effect\": \"Allow\", \"Action\": \"cloudwatch:PutDashboard\", \"Resource\": \"*\" } ]}"

L216 should be

    "PolicyDocument": "{    \"Version\": \"2012-10-17\",    \"Statement\": [        {            \"Effect\": \"Allow\",            \"Action\": [                \"logs:PutMetricFilter\",                \"logs:PutRetentionPolicy\"            ],            \"Resource\": \"arn:aws:logs:{{ global:REGION }}:{{ global:ACCOUNT_ID }}:log-group:/{{ CloudWatchLogGroupNamePrefix }}/*\"        },        {            \"Effect\": \"Allow\",            \"Action\": \"cloudwatch:PutDashboard\",            \"Resource\": \"*\"        }    ]}"