feat: LLMO-3231 byocdn-fastly default auth method is iam role (#1384)

Please ensure your pull request adheres to the following guidelines:
- [ ] make sure to link the related issues in this description
- [ ] when merging / squashing, make sure the fixed issue references are
visible in the commits, for easy compilation of release notes

## Related Issues


Thanks for contributing!

Author: ctinp

package-lock.json

@@ -62,24 +62,31 @@ const FASTLY_LOG_FORMAT = `{
     "time_to_first_byte": "%{time.to_first_byte}V"
 }`;
 const CDN_TRANSFORMATIONS = {
-  'byocdn-fastly': (payload) => ({
-    'Bucket Name': payload.bucketName,
-    Domain: `s3.${payload.region}.amazonaws.com`,
-    Path: `${payload.allowedPaths?.[0] || ''}%Y/%m/%d/%H/`,
-    'Timestamp Format': '%Y-%m-%dT%H:%M:%S.000',
-    Placement: 'Format Version Default',
-    'Log format': FASTLY_LOG_FORMAT,
-    'Access method': 'User credentials',
-    ...transformCredentialFields(payload),
-    Period: 300,
-    'Log line format': 'Blank',
-    Compression: 'Gzip',
-    'Redundancy level': 'Standard',
-    ACL: 'None',
-    'Server side encryption': 'None',
-    'Maximum bytes': 0,
-    HelpUrl: 'https://www.fastly.com/documentation/guides/integrations/logging-endpoints/log-streaming-amazon-s3/',
-  }),
+  'byocdn-fastly': (payload) => {
+    const authMethodLabel = payload.authMethod === 'iam_role' ? 'IAM Role' : 'User credentials';
+    const authFields = payload.authMethod === 'iam_role'
+      ? { 'Role ARN': payload.roleArn }
+      : transformCredentialFields(payload);
+
+    return {
+      'Bucket Name': payload.bucketName,
+      Domain: `s3.${payload.region}.amazonaws.com`,
+      Path: `${payload.allowedPaths?.[0] || ''}%Y/%m/%d/%H/`,
+      'Timestamp Format': '%Y-%m-%dT%H:%M:%S.000',
+      Placement: 'Format Version Default',
+      'Log format': FASTLY_LOG_FORMAT,
+      'Access method': authMethodLabel,
+      ...authFields,
+      Period: 300,
+      'Log line format': 'Blank',
+      Compression: 'Gzip',
+      'Redundancy level': 'Standard',
+      ACL: 'None',
+      'Server side encryption': 'None',
+      'Maximum bytes': 0,
+      HelpUrl: 'https://www.fastly.com/documentation/guides/integrations/logging-endpoints/log-streaming-amazon-s3/',
+    };
+  },
   'byocdn-akamai': (payload) => ({
     'Bucket Name': payload.bucketName,
     Region: payload.region,
@@ -238,7 +245,22 @@ const prettifyLogForwardingConfig = (payload) => {
     throw new Error('allowedPaths is required in payload');
   }
 
-  if (payload.logSource === 'byocdn-fastly' || payload.logSource === 'byocdn-akamai' || payload.logSource === 'byocdn-other') {
+  if (payload.logSource === 'byocdn-fastly') {
+    if (payload.authMethod === 'user_credentials') {
+      if (!payload.accessKey && !payload.currentAccessKey) {
+        throw new Error('accessKey or currentAccessKey is required in payload');
+      }
+      if (!payload.secretKey && !payload.currentSecretKey) {
+        throw new Error('secretKey or currentSecretKey is required in payload');
+      }
+    } else if (payload.authMethod === 'iam_role') {
+      if (!payload.roleArn) {
+        throw new Error('roleArn is required in payload when authMethod is iam_role');
+      }
+    }
+  }
+
+  if (payload.logSource === 'byocdn-akamai' || payload.logSource === 'byocdn-other') {
     if (!payload.accessKey && !payload.currentAccessKey) {
       throw new Error('accessKey or currentAccessKey is required in payload');
     }

packages/spacecat-shared-utils/src/cdn-helpers.js

@@ -113,6 +113,38 @@ describe('CDN Helper Functions', () => {
         // Should use empty string as prefix
         expect(result.Path).to.equal('%Y/%m/%d/%H/');
       });
+
+      it('should transform payload for byocdn-fastly with iam_role authMethod', () => {
+        const iamRolePayload = {
+          ...mockPayload,
+          logSource: 'byocdn-fastly',
+          authMethod: 'iam_role',
+          roleArn: 'arn:aws:iam::123456789012:role/FastlyCDNRole',
+        };
+        delete iamRolePayload.accessKey;
+        delete iamRolePayload.secretKey;
+
+        const result = prettifyLogForwardingConfig(iamRolePayload);
+
+        expect(result).to.deep.equal({
+          'Bucket Name': 'cdn-logs-adobe-dev',
+          Domain: 's3.us-east-1.amazonaws.com',
+          Path: '9E1005A551ED61CA0A490D45@AdobeOrg/raw/byocdn-fastly/%Y/%m/%d/%H/',
+          'Timestamp Format': '%Y-%m-%dT%H:%M:%S.000',
+          Placement: 'Format Version Default',
+          'Log format': FASTLY_LOG_FORMAT,
+          'Access method': 'IAM Role',
+          'Role ARN': 'arn:aws:iam::123456789012:role/FastlyCDNRole',
+          Period: 300,
+          'Log line format': 'Blank',
+          Compression: 'Gzip',
+          'Redundancy level': 'Standard',
+          ACL: 'None',
+          'Server side encryption': 'None',
+          'Maximum bytes': 0,
+          HelpUrl: 'https://www.fastly.com/documentation/guides/integrations/logging-endpoints/log-streaming-amazon-s3/',
+        });
+      });
     });
 
     describe('other CDN types', () => {
@@ -376,6 +408,15 @@ describe('CDN Helper Functions', () => {
         );
       });
 
+      it('should throw error when roleArn is missing for byocdn-fastly with iam_role authMethod', () => {
+        const payloadWithoutRoleArn = { ...mockPayload, authMethod: 'iam_role' };
+        delete payloadWithoutRoleArn.accessKey;
+        delete payloadWithoutRoleArn.secretKey;
+        expect(() => prettifyLogForwardingConfig(payloadWithoutRoleArn)).to.throw(
+          'roleArn is required in payload when authMethod is iam_role',
+        );
+      });
+
       it('should throw error when accessKey/currentAccessKey is missing for byocdn-akamai', () => {
         const payloadWithoutAccessKey = { ...mockPayload, logSource: 'byocdn-akamai' };
         delete payloadWithoutAccessKey.accessKey;