From 695e76f1670551c305e3da97b60026ef35275c97 Mon Sep 17 00:00:00 2001
From: Roman Volykh <rvolykh@gmail.com>
Date: Wed, 31 Dec 2025 10:24:29 +0200
Subject: [PATCH 1/2] fix: API GW logging permissions

---
 infra/modules/api/data.tf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/infra/modules/api/data.tf b/infra/modules/api/data.tf
index b5e3baf..0759e7e 100644
--- a/infra/modules/api/data.tf
+++ b/infra/modules/api/data.tf
@@ -20,7 +20,7 @@ data "aws_iam_policy_document" "cloudwatch_permissions" {
       "logs:DeleteLogGroup",
     ]
     resources = [
-      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome:*"
+      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome"
     ]
   }
 
@@ -31,7 +31,7 @@ data "aws_iam_policy_document" "cloudwatch_permissions" {
       "logs:FilterLogEvents"
     ]
     resources = [
-      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome:*",
+      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome",
       aws_cloudwatch_log_group.access_logs.arn,
       aws_cloudwatch_log_group.stage_v1.arn,
     ]
@@ -45,9 +45,9 @@ data "aws_iam_policy_document" "cloudwatch_permissions" {
       "logs:GetLogEvents",
     ]
     resources = [
-      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome:*",
-      aws_cloudwatch_log_group.access_logs.arn,
-      aws_cloudwatch_log_group.stage_v1.arn,
+      "arn:aws:logs:*:*:log-group:/aws/apigateway/welcome:log-stream:*",
+      "${aws_cloudwatch_log_group.access_logs.arn}:log-stream:*",
+      "${aws_cloudwatch_log_group.stage_v1.arn}:log-stream:*",
     ]
   }
 }

From 0b3b96ec5f9f07ab0d8675371f32a25a5d82655e Mon Sep 17 00:00:00 2001
From: Roman Volykh <rvolykh@gmail.com>
Date: Wed, 31 Dec 2025 10:29:51 +0200
Subject: [PATCH 2/2] ci: Specify go.sum location for caching

---
 .github/actions/dependencies/action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/actions/dependencies/action.yml b/.github/actions/dependencies/action.yml
index 42278a7..a783010 100644
--- a/.github/actions/dependencies/action.yml
+++ b/.github/actions/dependencies/action.yml
@@ -8,7 +8,7 @@ runs:
       uses: actions/setup-go@v6
       with:
         go-version: '1.25'
-
+        cache-dependency-path: "apps/*/go.sum"
     - name: "Set up Terraform"
       uses: hashicorp/setup-terraform@v3
       with: