[Logs forwarder] update AWS CF template for AWS China

DataDog · Oct 25, 2024 · ae34f8f · ae34f8f
1 parent 627343c
commit ae34f8f
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/aws/logs_monitoring/template.yaml b/aws/logs_monitoring/template.yaml
@@ -552,8 +552,8 @@ Resources:
               Service:
                 - lambda.amazonaws.com
       ManagedPolicyArns:
-        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
+        - !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+        - !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
       PermissionsBoundary: !If
         - SetPermissionsBoundary
         - !Ref PermissionsBoundaryArn
@@ -574,7 +574,7 @@ Resources:
                     - !If
                       - CreateS3Bucket
                       - !Sub "${ForwarderBucket.Arn}/*"
-                      - !Sub "arn:aws:s3:::${DdForwarderExistingBucketName}/*"
+                      - !Sub "arn:${AWS::Partition}:s3:::${DdForwarderExistingBucketName}/*"
                   Effect: Allow
                 - !Ref AWS::NoValue
               - !If
@@ -587,7 +587,7 @@ Resources:
                     - !If
                       - CreateS3Bucket
                       - !GetAtt ForwarderBucket.Arn
-                      - !Sub "arn:aws:s3:::${DdForwarderExistingBucketName}"
+                      - !Sub "arn:${AWS::Partition}:s3:::${DdForwarderExistingBucketName}"
                   Condition:
                     StringLike:
                       s3:prefix:
@@ -661,7 +661,7 @@ Resources:
         - "logs.amazonaws.com.cn"
         - "logs.amazonaws.com"
       SourceAccount: !Ref "AWS::AccountId"
-      SourceArn: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
+      SourceArn: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
   S3Permission:
     Type: AWS::Lambda::Permission
     Properties:
@@ -772,7 +772,7 @@ Resources:
       Description: Copies Datadog Forwarder zip to the destination S3 bucket
       Handler: index.handler
       Runtime: python3.11
-      Timeout: 300
+      Timeout: 600
       Code:
         ZipFile: |
           import json
@@ -859,8 +859,8 @@ Resources:
               Service:
                 - lambda.amazonaws.com
       ManagedPolicyArns:
-        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
+        - !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+        - !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
       PermissionsBoundary: !If
         - SetPermissionsBoundary
         - !Ref PermissionsBoundaryArn
@@ -878,15 +878,15 @@ Resources:
                   - !If
                     - CreateS3Bucket
                     - !Sub "${ForwarderBucket.Arn}/*"
-                    - !Sub "arn:aws:s3:::${DdForwarderExistingBucketName}/*"
+                    - !Sub "arn:${AWS::Partition}:s3:::${DdForwarderExistingBucketName}/*"
               - Effect: Allow
                 Action:
                   - s3:ListBucket
                 Resource:
                   - !If
                     - CreateS3Bucket
                     - !GetAtt "ForwarderBucket.Arn"
-                    - !Sub "arn:aws:s3:::${DdForwarderExistingBucketName}"
+                    - !Sub "arn:${AWS::Partition}:s3:::${DdForwarderExistingBucketName}"
               - !If
                 - SetS3SourceZip
                 - Effect: Allow