Rex Whitten rexwhitten


To enable a custom name (i.e., not starting with /aws/vendedlogs/), you need two distinct sets of permissions in your Terraform.

  1. The IAM Execution Role: This is what the Step Function assumes to execute your logic (e.g., calling Lambdas). It does not handle the logging permissions.
  2. The CloudWatch Resource Policy (The "Other Change"): This is a separate resource that tells CloudWatch, "Allow the Step Function service (states.amazonaws.com) to write to this specific Log Group."

Here is the complete Terraform configuration.

The Terraform Code

def apply_scoring(scoring_strategy, findings):
    # Assuming logger is defined globally or imported
    # logger.info("Scoring")
    score = 0
    status = "no score"
    # Safety check: ensure findings is a list/iterable
    if findings is None:
        findings = []
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>M&A Cloud Posture Assessment - Onboarding</title>
<style>
* {
margin: 0;
padding: 0;
@rexwhitten
rexwhitten / inventory_crud.py
Last active January 21, 2026 20:33
Inventory
import json
import boto3
import logging
import os
from datetime import datetime, timezone
from decimal import Decimal
from typing import Any, Dict, List
from boto3.dynamodb.conditions import Key
# Configure structured logging

Here is a complete, working example of a .gitlab-ci.yml file that meets your requirements.

I have chosen a Python base image for this example because it makes installing the AWS CLI (via pip) extremely straightforward and fast for a test scenario.

1. The Configuration (.gitlab-ci.yml)

Copy and paste this into your repository's CI/CD configuration file.

stages:

Option 1: Adapt to the RHEL Environment (Immediate Fix)

If you must use this specific runner, you need to use RHEL commands.

Replace your before_script with this:

before_script:
  # RHEL uses yum/dnf. We install 'make' and 'unzip' (needed for AWS CLI)
  - sudo yum install -y make unzip
@rexwhitten
rexwhitten / parse_plan.sh
Last active July 3, 2025 21:08
Terraform Scripts
#!/bin/bash
# Check if the JSON file is provided as an argument
if [ -z "$1" ]; then
echo "Usage: $0 <terraform-plan-output.json>"
exit 1
fi
# Function to get an emoticon based on the action
get_emoticon() {
@rexwhitten
rexwhitten / cleanup_okta_users.sh
Last active June 12, 2024 11:42
Okta and Vault Test Credential Automation
#!/bin/bash
# You should have these envvars setup already
# VAULT_ADDR="https://your-vault-address"
# VAULT_TOKEN="your-vault-token"
# Define Okta and Vault configuration variables
OKTA_DOMAIN="yourOktaDomain"
VAULT_API_TOKEN_PATH="secret/data/okta/api_token"
VAULT_USER_CREDS_PATH="secret/data/okta/users"
@rexwhitten
rexwhitten / index.js
Created February 1, 2024 20:30
Git Commit Message Creator
#! /usr/bin/env node
import OpenAI from "openai";
import { exec } from 'child_process';
exec('git status', async (error, stdout, stderr) => {
if (error) {
console.error(`exec error: ${error}`);
return;
}
if (stderr) {
@rexwhitten
rexwhitten / install-hashicorp.ps1
Last active October 13, 2022 12:10
HashiCorp Install Script
param(
[string]$productName = "terraform",
[string]$os = "linux",
[string]$arch = "amd64",
[string]$version = "latest"
)
Function Get-Products {
Invoke-RestMethod -Uri https://api.releases.hashicorp.com/v1/products | Format-Table
}