Add CloudWatchFullAccessV2 managed policy (#2913)

[JustinTW]

No description provided.

[github-actions]

PR is now waiting for a maintainer to run the acceptance tests.
Note for the maintainer: To run the acceptance tests, please comment /run-acceptance-tests on the PR

[github-actions]

PR is now waiting for a maintainer to run the acceptance tests.
Note for the maintainer: To run the acceptance tests, please comment /run-acceptance-tests on the PR

[iwahbe]

/run-acceptance-tests

[pulumi-bot]

Please view the PR build: https://github.com/pulumi/pulumi-aws/actions/runs/6938379386

[iwahbe]

Hey @JustinTW. Thanks for the contribution!

I can't find where AWS says that CloudWatchFullAccess will be deprecated on December 7. Can you link that?

If CloudWatchFullAccess is deprecated, we can add a deprecation message:

 provider/resources.go                              |   7 +-
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/provider/resources.go
+++ b/provider/resources.go
@@ -5644,8 +5644,11 @@ $ pulumi import aws:networkfirewall/resourcePolicy:ResourcePolicy example arn:aw
 					{Name: "CloudWatchEventsInvocationAccess", Value: "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess"},
 					{Name: "CloudWatchEventsReadOnlyAccess", Value: "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess"},
 					{Name: "CloudWatchEventsServiceRolePolicy", Value: "arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy"},
-					// After December 7, 2023, "CloudWatchFullAccess" will no longer be supported. Use "CloudWatchFullAccessV2" instead.
-					{Name: "CloudWatchFullAccess", Value: "arn:aws:iam::aws:policy/CloudWatchFullAccess"},
+					{
+						Name:               "CloudWatchFullAccess",
+						Value:              "arn:aws:iam::aws:policy/CloudWatchFullAccess",
+						DeprecationMessage: `After December 7, 2023, "CloudWatchFullAccess" will no longer be supported. Use "CloudWatchFullAccessV2" instead.`,
+					},
 					{Name: "CloudWatchFullAccessV2", Value: "arn:aws:iam::aws:policy/CloudWatchFullAccessV2"},
 					{Name: "CloudWatchInternetMonitorServiceRolePolicy", Value: "arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy"},
 					{Name: "CloudWatchLambdaInsightsExecutionRolePolicy", Value: "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy"},

[github-actions]

PR is now waiting for a maintainer to run the acceptance tests.
Note for the maintainer: To run the acceptance tests, please comment /run-acceptance-tests on the PR

[JustinTW]

Hello @iwahbe,

Thanks for reviewing this PR. I also couldn't find any AWS documentation that specifies that CloudWatchFullAccess will be deprecated on December 7. The only thing I have is an email from AWS, which I've attached.

The relevant AWS documentation does mention that the policy will be deprecated, but it doesn't specify a date.

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/auth-and-access-control-cw.html#managed-policies-cloudwatch-CloudWatchFullAccess

[github-actions]

PR is now waiting for a maintainer to run the acceptance tests.
Note for the maintainer: To run the acceptance tests, please comment /run-acceptance-tests on the PR

[iwahbe]

Thanks for the PR. I have confirmed that the message is correct (the email helped!).

LGTM