From ac803c4e9e7cab3bfa82334df098093a8b6ab6a1 Mon Sep 17 00:00:00 2001
From: Ashleigh Carr <ashcorr20@gmail.com>
Date: Fri, 9 Dec 2022 17:32:35 +0000
Subject: [PATCH 1/2] fix: Set log4js file mode to 640 and add kinesis user to
 dotcom group to fix logging

---
 dotcom-rendering/cloudformation.yml        | 1 +
 dotcom-rendering/src/server/lib/logging.ts | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/dotcom-rendering/cloudformation.yml b/dotcom-rendering/cloudformation.yml
index 6709ef29639..63f0edc10a1 100644
--- a/dotcom-rendering/cloudformation.yml
+++ b/dotcom-rendering/cloudformation.yml
@@ -254,6 +254,7 @@ Resources:
 
               groupadd frontend
               useradd -r -m -s /usr/bin/nologin -g frontend dotcom-rendering
+              usermod -a -G dotcom-rendering aws-kinesis-agent-user
               cd /home/dotcom-rendering
 
               aws --region eu-west-1 s3 cp s3://aws-frontend-artifacts/frontend/${Stage}/${App}/dist/${App}.zip ./
diff --git a/dotcom-rendering/src/server/lib/logging.ts b/dotcom-rendering/src/server/lib/logging.ts
index fc81d814439..1a51a846bfa 100644
--- a/dotcom-rendering/src/server/lib/logging.ts
+++ b/dotcom-rendering/src/server/lib/logging.ts
@@ -68,6 +68,8 @@ const enableLog4j = {
 			backups: 5,
 			compress: true,
 			layout: { type: 'json', separator: ',' },
+			// Owner Read & Write, Group Read
+			mode: 0o640,
 		},
 	},
 	categories: {

From cbecfd19ea0672546fef626c2d8d792097cb792d Mon Sep 17 00:00:00 2001
From: Ashleigh Carr <ashcorr20@gmail.com>
Date: Fri, 9 Dec 2022 17:43:12 +0000
Subject: [PATCH 2/2] fix: Woops, wrong group used for kinesis!

---
 dotcom-rendering/cloudformation.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dotcom-rendering/cloudformation.yml b/dotcom-rendering/cloudformation.yml
index 63f0edc10a1..2a54e18f3ec 100644
--- a/dotcom-rendering/cloudformation.yml
+++ b/dotcom-rendering/cloudformation.yml
@@ -254,7 +254,7 @@ Resources:
 
               groupadd frontend
               useradd -r -m -s /usr/bin/nologin -g frontend dotcom-rendering
-              usermod -a -G dotcom-rendering aws-kinesis-agent-user
+              usermod -a -G frontend aws-kinesis-agent-user
               cd /home/dotcom-rendering
 
               aws --region eu-west-1 s3 cp s3://aws-frontend-artifacts/frontend/${Stage}/${App}/dist/${App}.zip ./