From 237f8cc83f4e58d0d61eaca0f7a11fb3d4f1bfea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Gillot-Lamure?= <leo.gillot@navaati.net>
Date: Tue, 23 Feb 2021 10:06:16 +0100
Subject: [PATCH] fix: Remove CreateLogGroup permission from service role
 (#550)

---
 vpc-flow-logs.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/vpc-flow-logs.tf b/vpc-flow-logs.tf
index 93c204ccf..f35480649 100644
--- a/vpc-flow-logs.tf
+++ b/vpc-flow-logs.tf
@@ -90,7 +90,6 @@ data "aws_iam_policy_document" "vpc_flow_log_cloudwatch" {
     effect = "Allow"
 
     actions = [
-      "logs:CreateLogGroup",
       "logs:CreateLogStream",
       "logs:PutLogEvents",
       "logs:DescribeLogGroups",