From 3c5eabd0fa36e5b6372a0af3c23ebb1741bf9b52 Mon Sep 17 00:00:00 2001
From: Tom McLaughlin <tom@serverlessops.io>
Date: Wed, 23 Oct 2024 15:35:38 -0400
Subject: [PATCH] enable CloudWatch account policy again

---
 stacksets/datadog-shipping/logs-template.yaml | 16 ++++++++--------
 stacksets/logging/template.yaml               | 14 +++++++-------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/stacksets/datadog-shipping/logs-template.yaml b/stacksets/datadog-shipping/logs-template.yaml
index 6191f81..808f901 100644
--- a/stacksets/datadog-shipping/logs-template.yaml
+++ b/stacksets/datadog-shipping/logs-template.yaml
@@ -159,14 +159,14 @@ Resources:
             LogGroupName: !Ref DeliveryStreamLogGroup
             LogStreamName: !Ref BackupDeliveryLogStream
 
-  #CloudWatchAccountPolicy:
-  #  Type: AWS::Logs::AccountPolicy
-  #  DependsOn: CloudWatchLogsPolicy
-  #  Properties:
-  #    PolicyName: Datadog-Logs-Firehose
-  #    PolicyDocument: !Sub '{ "RoleArn": "${CloudWatchLogsRole.Arn}", "DestinationArn": "${DatadogDeliveryStream.Arn}", "FilterPattern": ""}'
-  #    SelectionCriteria: !Sub 'LogGroupName NOT IN ["${DeliveryStreamLogGroup}"]'
-  #    PolicyType: "SUBSCRIPTION_FILTER_POLICY"
+  CloudWatchAccountPolicy:
+    Type: AWS::Logs::AccountPolicy
+    DependsOn: CloudWatchLogsPolicy
+    Properties:
+      PolicyName: Datadog-Logs-Firehose
+      PolicyDocument: !Sub '{ "RoleArn": "${CloudWatchLogsRole.Arn}", "DestinationArn": "${DatadogDeliveryStream.Arn}", "FilterPattern": ""}'
+      SelectionCriteria: !Sub 'LogGroupName NOT IN ["${DeliveryStreamLogGroup}"]'
+      PolicyType: "SUBSCRIPTION_FILTER_POLICY"
 
   DatadogLogsDestination:
     Type: AWS::Logs::Destination
diff --git a/stacksets/logging/template.yaml b/stacksets/logging/template.yaml
index 8aa90ec..f3ef17b 100644
--- a/stacksets/logging/template.yaml
+++ b/stacksets/logging/template.yaml
@@ -22,10 +22,10 @@ Resources:
               Service: !Sub "logs.${AWS::Region}.amazonaws.com"
             Action: sts:AssumeRole
 
-  #CloudWatchAccountPolicy:
-  #  Type: AWS::Logs::AccountPolicy
-  #  Condition: IsNotLoggingAccount
-  #  Properties:
-  #    PolicyName: Datadog-Logs-Firehose
-  #    PolicyDocument: !Sub '{ "RoleArn": "${CloudWatchLogsRole.Arn}", "DestinationArn": "${DestinationArn}", "FilterPattern": ""}'
-  #    PolicyType: "SUBSCRIPTION_FILTER_POLICY"
\ No newline at end of file
+  CloudWatchAccountPolicy:
+    Type: AWS::Logs::AccountPolicy
+    Condition: IsNotLoggingAccount
+    Properties:
+      PolicyName: Datadog-Logs-Firehose
+      PolicyDocument: !Sub '{ "RoleArn": "${CloudWatchLogsRole.Arn}", "DestinationArn": "${DestinationArn}", "FilterPattern": ""}'
+      PolicyType: "SUBSCRIPTION_FILTER_POLICY"
\ No newline at end of file