From 787ab0b4b18003875346c7f9e98f1b2264fded46 Mon Sep 17 00:00:00 2001
From: Kenny Ballou
Date: Wed, 5 Feb 2020 17:33:15 -0700
Subject: blog: create uri rewrite log group explicitly
This required some trickery to create, namely, the original log group needed to be deleted first and then, quickly, the changeset needed to be applied. Interestingly enough, if this is done quickly enough, the original log data is not actually lost, as of this writing. I personally don't think that was intended, however, I think I can understand how something like this could happen. It would be nice if it were possible to get the name of the log group that will be used from the lambda function resource. However, this does not currently seem possible.
Signed-off-by: Kenny Ballou
---
 stacks/blog.tpl | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/stacks/blog.tpl b/stacks/blog.tpl
index 3a6cd7f..3ca686c 100644
--- a/stacks/blog.tpl
+++ b/stacks/blog.tpl
@@ -166,6 +166,13 @@
 "Type": "A"
 }
 },
+ "URIRewriteLambdaLogGroup": {
+ "Type": "AWS::Logs::LogGroup",
+ "Properties": {
+ "LogGroupName": "/aws/lambda/us-east-1.blog-kennyballou-URIRewriteLambdaFunction-5MXFF1KIA87D",
+ "RetentionInDays": 90
+ }
+ },
 "URIRewriteLambdaFunction": {
 "Type": "AWS::Lambda::Function",
 "Properties": {
@@ -209,12 +216,14 @@
 {
 "Effect": "Allow",
 "Action": [
- "logs:CreateLogGroup",
 "logs:CreateLogStream",
 "logs:PutLogEvents"
 ],
 "Resource": [
- "arn:aws:logs:*:*:*"
+ {"Fn::GetAtt": ["URIRewriteLambdaLogGroup", "Arn"]},
+ {"Fn::Join": ["", [
+ {"Fn::GetAtt": ["URIRewriteLambdaLogGroup", "Arn"]},
+ "/*"]]}
 ]
 }
 ]
--
cgit v1.2.1
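Review bot: The `LogGroupName` literal ties this resource to the function's current generated name (the `5MXFF1KIA87D` suffix), so if `URIRewriteLambdaFunction` is ever replaced the new function will log under a different name and this group, with its 90-day retention, will sit unused. Giving the function an explicit `FunctionName` and building `LogGroupName` from that same value would keep the two in step without a reference between the resources. The function's `Properties` continue outside the hunk, so whether a name is already set there cannot be seen from here.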
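Review bot: With `logs:CreateLogGroup` removed and `Resource` narrowed to this one group, the role can write only to the log group in the stack's own region. The `us-east-1.` prefix in the group name suggests the function runs as Lambda@Edge; if so, replicas executing in other regions write to a same-named group in their local region, and those writes would now be denied, leaving no execution logs for those requests. Wildcarding only the region, e.g. `{"Fn::Sub": "arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/lambda/us-east-1.<function-name>:*"}` (placeholder name), with `logs:CreateLogGroup` retained for that group name in those regions, would stay close to least privilege. Separately, the `Arn` attribute of a log group already ends in `:*`, so the joined `/*` entry resolves to `...:*/*` and is probably redundant. The policy statement starts and ends outside the hunk.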