Skip to content

Commit fe87622

Browse files
JayDweeJayDwee
committed
fix: message attributes
1 parent bf27e1f commit fe87622

File tree

2 files changed

+32
-2
lines changed

2 files changed

+32
-2
lines changed

api/src/audit.rs

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,10 @@ where
1717
match sqs
1818
.send_message()
1919
.queue_url(&queue_url)
20-
.message_attributes("kind", MessageAttributeValue::builder().string_value("audit").build().unwrap())
20+
.message_attributes("kind", MessageAttributeValue::builder()
21+
.data_type("String")
22+
.string_value("audit")
23+
.build().unwrap())
2124
.message_body(serde_json::to_string(audit).unwrap())
2225
.send()
2326
.await {

infra/modules/compute/lambda/main.tf

Lines changed: 28 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -113,14 +113,41 @@ resource "aws_lambda_function" "lambda_function" {
113113
}
114114
}
115115

116+
resource "aws_cloudwatch_log_group" "consumer" {
117+
name = "/aws/lambda/${aws_lambda_function.lambda_consumer.function_name}" # Replace with your log group name
118+
retention_in_days = 14 # Set the desired retention period in days
119+
}
120+
121+
122+
data "aws_iam_policy_document" "consumer_cloudwatch_readwrite" {
123+
statement {
124+
effect = "Allow"
125+
actions = ["logs:CreateLogGroup", ]
126+
resources = ["arn:aws:logs:${data.aws_region.current.region}:${data.aws_caller_identity.current.account_id}:*"]
127+
}
128+
129+
statement {
130+
effect = "Allow"
131+
actions = ["logs:CreateLogStream", "logs:PutLogEvents", ]
132+
resources = [
133+
"${aws_cloudwatch_log_group.default.arn}:*"
134+
]
135+
}
136+
}
137+
138+
resource "aws_iam_policy" "consumer_cloudwatch_readwrite" {
139+
name = "kb2-consumer-cloudwatch-readwrite-policy-${var.deployment_env}"
140+
policy = data.aws_iam_policy_document.consumer_cloudwatch_readwrite.json
141+
}
142+
116143
resource "aws_iam_role" "lambda_consumer_role" {
117144
name = "kb2-lambda-consumer-role-${var.deployment_env}"
118145
assume_role_policy = data.aws_iam_policy_document.assume_role.json
119146
}
120147

121148
resource "aws_iam_role_policy_attachment" "consumer_role_attach" {
122149
role = aws_iam_role.lambda_consumer_role.name
123-
policy_arn = aws_iam_policy.cloudwatch_readwrite.arn
150+
policy_arn = aws_iam_policy.consumer_cloudwatch_readwrite.arn
124151
}
125152

126153
resource "aws_iam_role_policy_attachment" "consumer_dsql_dbconnect_attach" {

0 commit comments

Comments
 (0)