diff --git a/eventbridge-cloudwatch-terraform/README.md b/eventbridge-cloudwatch-terraform/README.md
index ffd95b953b..defa44e670 100644
--- a/eventbridge-cloudwatch-terraform/README.md
+++ b/eventbridge-cloudwatch-terraform/README.md
@@ -37,8 +37,6 @@ Important: this application uses various AWS services and there are costs associ
 
 ## How it works
 
-The AWS SAM template deploys the resources and the IAM permissions required to run the application.
-
 The EventBridge rule specified in `main.tf` filters the events based upon the criteria in the `aws_cloudwatch_event_rule` block. When matching events are sent to EventBridge that trigger the rule, they are delivered as a JSON event payload to CloudWatch Logs.
 
 ## Testing
diff --git a/eventbridge-cloudwatch-terraform/main.tf b/eventbridge-cloudwatch-terraform/main.tf
index eb9759ae31..255005f80b 100644
--- a/eventbridge-cloudwatch-terraform/main.tf
+++ b/eventbridge-cloudwatch-terraform/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.27"
+      version = "~> 6.0"
     }
   }
 
@@ -41,7 +41,7 @@ resource "aws_cloudwatch_log_resource_policy" "MyCloudWatchLogPolicy" {
         "logs:CreateLogStream",
         "logs:PutLogEvents"
         ],
-      "Resource": "${aws_cloudwatch_log_group.MyLogGroup.arn}",
+      "Resource": "${aws_cloudwatch_log_group.MyLogGroup.arn}:*",
       "Condition": {
         "ArnEquals": {
           "aws:SourceArn": "${aws_cloudwatch_event_rule.MyEventRule.arn}"
@@ -73,4 +73,4 @@ resource "aws_cloudwatch_event_target" "MyRuleTarget" {
 output "CW-Logs-Stream-Name" {
   value       = aws_cloudwatch_log_group.MyLogGroup.id
   description = "The CloudWatch Log Group Name"
-}
\ No newline at end of file
+}