Skip to content

Commit 1da1bcd

Browse files
Adding stack name to lambda log policy name (#163)
* [WIP] - adding stack name to lambda log policy name * Prerelease * New property to override log property name * Add JSDoc * Add test for override --------- Co-authored-by: bilindhajer <bilind.hajer@mapbox.com>
1 parent 7af761d commit 1da1bcd

33 files changed

+174
-85
lines changed

changelog.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,9 @@
11
# Changelog
22

3+
## 9.2.0
4+
5+
- Inline policy for Lambda Shortcut name will change from `${LogicalName}-lambda-log-access` to `${AWS::StackName}-${LogicalName}-lambda-log-access`. This is the new default value. You can override default value using property `LogPolicyName`.
6+
37
## 9.1.1
48

59
- Add DeletionPolicy for the IAM Policy in Lamdba shortcuts.

lib/shortcuts/api.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -425,6 +425,7 @@ Log Group, a Role, an Alarm on function errors, and the Lambda Function itself.
425425
| [options.OKActions] | <code>Array.&lt;String&gt;</code> | | See [AWS documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html#cfn-cloudwatch-alarms-okactions). |
426426
| [options.LogRetentionInDays] | <code>Number</code> | <code>14</code> | How long to retain CloudWatch logs for this Lambda function. See [AWS Documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html) for allowed values. |
427427
| [options.LogPolicyDeletionPolicy] | <code>String</code> | <code>&#x27;Delete&#x27;</code> | DeletionPolicy on the IAM Policy resource used to access Logs. See [AWS Documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-attribute-deletionpolicy.html) for allowed values. |
428+
| [options.LogPolicyName] | <code>String</code> | <code>&#x27;${stack-name}-${logical-name}-lambda-log-access&#x27;</code> | The name of the IAM Policy used to access CloudWatch Logs. |
428429

429430
**Example**
430431
```js

lib/shortcuts/lambda.js

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,7 @@ const ServiceRole = require('./service-role');
4949
* @param {Array<String>} [options.OKActions=undefined] - See [AWS documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html#cfn-cloudwatch-alarms-okactions).
5050
* @param {Number} [options.LogRetentionInDays=14] - How long to retain CloudWatch logs for this Lambda function. See [AWS Documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html) for allowed values.
5151
* @param {String} [options.LogPolicyDeletionPolicy='Delete'] - DeletionPolicy on the IAM Policy resource used to access Logs. See [AWS Documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-attribute-deletionpolicy.html) for allowed values.
52+
* @param {String} [options.LogPolicyName='${stack-name}-${logical-name}-lambda-log-access'] - The name of the IAM Policy used to access CloudWatch Logs.
5253
* @example
5354
* const cf = require('@mapbox/cloudfriend');
5455
*
@@ -109,7 +110,8 @@ class Lambda {
109110
ExtendedStatistic,
110111
OKActions,
111112
LogRetentionInDays = 14,
112-
LogPolicyDeletionPolicy = 'Delete'
113+
LogPolicyDeletionPolicy = 'Delete',
114+
LogPolicyName = { 'Fn::Sub': `\${AWS::StackName}-${LogicalName}-lambda-log-access` }
113115
} = options;
114116

115117
if (options.EvaluationPeriods < Math.ceil(Timeout / Period))
@@ -205,7 +207,7 @@ class Lambda {
205207
DependsOn: (RoleArn) ? undefined : `${LogicalName}Role`,
206208
DeletionPolicy: LogPolicyDeletionPolicy,
207209
Properties: {
208-
PolicyName: `${LogicalName}-lambda-log-access`,
210+
PolicyName: LogPolicyName,
209211
Roles: [roleName],
210212
PolicyDocument: {
211213
Version: '2012-10-17',

package-lock.json

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "@mapbox/cloudfriend",
3-
"version": "9.1.1",
3+
"version": "9.2.0",
44
"description": "Helper functions for assembling CloudFormation templates in JavaScript",
55
"main": "index.js",
66
"engines": {

test/fixtures/shortcuts/event-lambda-custom-eventbus.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -88,7 +88,7 @@
8888
"DependsOn": "MyLambdaRole",
8989
"DeletionPolicy": "Delete",
9090
"Properties": {
91-
"PolicyName": "MyLambda-lambda-log-access",
91+
"PolicyName": { "Fn::Sub": "${AWS::StackName}-MyLambda-lambda-log-access" },
9292
"Roles": [
9393
{
9494
"Ref": "MyLambdaRole"

test/fixtures/shortcuts/event-lambda-defaults.json

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -88,7 +88,9 @@
8888
"DependsOn": "MyLambdaRole",
8989
"DeletionPolicy": "Delete",
9090
"Properties": {
91-
"PolicyName": "MyLambda-lambda-log-access",
91+
"PolicyName": {
92+
"Fn::Sub": "${AWS::StackName}-MyLambda-lambda-log-access"
93+
},
9294
"Roles": [
9395
{
9496
"Ref": "MyLambdaRole"
@@ -197,4 +199,4 @@
197199
}
198200
},
199201
"Outputs": {}
200-
}
202+
}

test/fixtures/shortcuts/event-lambda-full.json

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -88,7 +88,9 @@
8888
"DependsOn": "MyLambdaRole",
8989
"DeletionPolicy": "Delete",
9090
"Properties": {
91-
"PolicyName": "MyLambda-lambda-log-access",
91+
"PolicyName": {
92+
"Fn::Sub": "${AWS::StackName}-MyLambda-lambda-log-access"
93+
},
9294
"Roles": [
9395
{
9496
"Ref": "MyLambdaRole"
@@ -197,4 +199,4 @@
197199
}
198200
},
199201
"Outputs": {}
200-
}
202+
}

test/fixtures/shortcuts/hookshot-github-compatible-legacy-node-runtimes.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -226,7 +226,7 @@
226226
"DependsOn": "PassFunctionRole",
227227
"DeletionPolicy": "Delete",
228228
"Properties": {
229-
"PolicyName": "PassFunction-lambda-log-access",
229+
"PolicyName": { "Fn::Sub": "${AWS::StackName}-PassFunction-lambda-log-access" },
230230
"Roles": [
231231
{
232232
"Ref": "PassFunctionRole"
@@ -368,7 +368,7 @@
368368
"DependsOn": "DestinationRole",
369369
"DeletionPolicy": "Delete",
370370
"Properties": {
371-
"PolicyName": "Destination-lambda-log-access",
371+
"PolicyName": { "Fn::Sub": "${AWS::StackName}-Destination-lambda-log-access" },
372372
"Roles": [
373373
{
374374
"Ref": "DestinationRole"

test/fixtures/shortcuts/hookshot-github-secret-ref.json

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828
"Type": "AWS::ApiGateway::Stage",
2929
"Properties": {
3030
"DeploymentId": {
31-
"Ref": "PassDeploymentbdbc0f16"
31+
"Ref": "PassDeployment6d7d2c50"
3232
},
3333
"StageName": "hookshot",
3434
"RestApiId": {
@@ -47,7 +47,7 @@
4747
]
4848
}
4949
},
50-
"PassDeploymentbdbc0f16": {
50+
"PassDeployment6d7d2c50": {
5151
"Type": "AWS::ApiGateway::Deployment",
5252
"DependsOn": "PassMethod",
5353
"Properties": {
@@ -232,7 +232,9 @@
232232
"DependsOn": "PassFunctionRole",
233233
"DeletionPolicy": "Delete",
234234
"Properties": {
235-
"PolicyName": "PassFunction-lambda-log-access",
235+
"PolicyName": {
236+
"Fn::Sub": "${AWS::StackName}-PassFunction-lambda-log-access"
237+
},
236238
"Roles": [
237239
{
238240
"Ref": "PassFunctionRole"
@@ -374,7 +376,9 @@
374376
"DependsOn": "DestinationRole",
375377
"DeletionPolicy": "Delete",
376378
"Properties": {
377-
"PolicyName": "Destination-lambda-log-access",
379+
"PolicyName": {
380+
"Fn::Sub": "${AWS::StackName}-Destination-lambda-log-access"
381+
},
378382
"Roles": [
379383
{
380384
"Ref": "DestinationRole"
@@ -430,4 +434,4 @@
430434
}
431435
}
432436
}
433-
}
437+
}

0 commit comments

Comments
 (0)