Allows moose-hf to access cloudwatch logs

to be tagged v3.4.11

base/account_standards_c2/iam.moose-hf.tf

@@ -54,6 +54,9 @@ resource "aws_iam_policy" "moose-hf" {
     {
       "Effect": "Allow",
       "Action": "sts:AssumeRole",
+                "logs:DescribeLogGroups",
+                "logs:DescribeLogStreams",
+                "logs:GetLogEvents",
       "Resource": "*"
     }
   ]