diff options
| author | Kenny Ballou <kballou@devnulllabs.io> | 2020-02-05 17:33:15 -0700 |
|---|---|---|
| committer | Kenny Ballou <kballou@devnulllabs.io> | 2020-02-05 20:29:26 -0700 |
| commit | 787ab0b4b18003875346c7f9e98f1b2264fded46 (patch) | |
| tree | 56498f6ad814944e0a5437ff3f0ad0d6e46c16dc | |
| parent | 0eea4a0abfdbf1225abd148eac0a7f151c1144b3 (diff) | |
| download | kennyballou.com-787ab0b4b18003875346c7f9e98f1b2264fded46.tar.gz kennyballou.com-787ab0b4b18003875346c7f9e98f1b2264fded46.tar.xz | |
blog: create uri rewrite log group explicitly
This required some trickery to create, namely, the original log group
needed to be deleted first and then, quickly, the changeset needed to be
applied.
Interestingly enough, if this is done quickly enough, the original log
data is not actually lost, as of this writing. I personally don't
think that was intended, however, I think I can understand how something
like this could happen.
It would be nice if it were possible to get the name of the log group
that will be used from the lambda function resource. However, this does
not currently seem possible.
Signed-off-by: Kenny Ballou <kballou@devnulllabs.io>
| -rw-r--r-- | stacks/blog.tpl | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/stacks/blog.tpl b/stacks/blog.tpl index 3a6cd7f..3ca686c 100644 --- a/stacks/blog.tpl +++ b/stacks/blog.tpl @@ -166,6 +166,13 @@ "Type": "A" } }, + "URIRewriteLambdaLogGroup": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "LogGroupName": "/aws/lambda/us-east-1.blog-kennyballou-URIRewriteLambdaFunction-5MXFF1KIA87D", + "RetentionInDays": 90 + } + }, "URIRewriteLambdaFunction": { "Type": "AWS::Lambda::Function", "Properties": { @@ -209,12 +216,14 @@ { "Effect": "Allow", "Action": [ - "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ - "arn:aws:logs:*:*:*" + {"Fn::GetAtt": ["URIRewriteLambdaLogGroup", "Arn"]}, + {"Fn::Join": ["", [ + {"Fn::GetAtt": ["URIRewriteLambdaLogGroup", "Arn"]}, + "/*"]]} ] } ] |