Adding stack name to lambda log policy name (#163)

* [WIP] - adding stack name to lambda log policy name

* Prerelease

* New property to override log property name

* Add JSDoc

* Add test for override

---------

Co-authored-by: bilindhajer <bilind.hajer@mapbox.com>

Author: ryndaniels

changelog.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 9.2.0
+
+- Inline policy for Lambda Shortcut name will change from `${LogicalName}-lambda-log-access` to `${AWS::StackName}-${LogicalName}-lambda-log-access`. This is the new default value. You can override default value using property `LogPolicyName`.
+
 ## 9.1.1
 
 - Add DeletionPolicy for the IAM Policy in Lamdba shortcuts.

lib/shortcuts/api.md

@@ -425,6 +425,7 @@ Log Group, a Role, an Alarm on function errors, and the Lambda Function itself.
 | [options.OKActions] | <code>Array.&lt;String&gt;</code> |  | See [AWS documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html#cfn-cloudwatch-alarms-okactions). |
 | [options.LogRetentionInDays] | <code>Number</code> | <code>14</code> | How long to retain CloudWatch logs for this Lambda function. See [AWS Documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html) for allowed values. |
 | [options.LogPolicyDeletionPolicy] | <code>String</code> | <code>&#x27;Delete&#x27;</code> | DeletionPolicy on the IAM Policy resource used to access Logs. See [AWS Documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-attribute-deletionpolicy.html) for allowed values. |
+| [options.LogPolicyName] | <code>String</code> | <code>&#x27;${stack-name}-${logical-name}-lambda-log-access&#x27;</code> | The name of the IAM Policy used to access CloudWatch Logs. |
 
 **Example**  
 ```js

lib/shortcuts/lambda.js

@@ -49,6 +49,7 @@ const ServiceRole = require('./service-role');
  * @param {Array<String>} [options.OKActions=undefined] - See [AWS documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html#cfn-cloudwatch-alarms-okactions).
  * @param {Number} [options.LogRetentionInDays=14] - How long to retain CloudWatch logs for this Lambda function. See [AWS Documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html) for allowed values.
  * @param {String} [options.LogPolicyDeletionPolicy='Delete'] - DeletionPolicy on the IAM Policy resource used to access Logs. See [AWS Documentation](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-attribute-deletionpolicy.html) for allowed values.
+ * @param {String} [options.LogPolicyName='${stack-name}-${logical-name}-lambda-log-access'] - The name of the IAM Policy used to access CloudWatch Logs.
  * @example
  * const cf = require('@mapbox/cloudfriend');
  *
@@ -109,7 +110,8 @@ class Lambda {
       ExtendedStatistic,
       OKActions,
       LogRetentionInDays = 14,
-      LogPolicyDeletionPolicy = 'Delete'
+      LogPolicyDeletionPolicy = 'Delete',
+      LogPolicyName = { 'Fn::Sub': `\${AWS::StackName}-${LogicalName}-lambda-log-access` }
     } = options;
 
     if (options.EvaluationPeriods < Math.ceil(Timeout / Period))
@@ -205,7 +207,7 @@ class Lambda {
         DependsOn: (RoleArn) ? undefined : `${LogicalName}Role`,
         DeletionPolicy: LogPolicyDeletionPolicy,
         Properties: {
-          PolicyName: `${LogicalName}-lambda-log-access`,
+          PolicyName: LogPolicyName,
           Roles: [roleName],
           PolicyDocument: {
             Version: '2012-10-17',

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@mapbox/cloudfriend",
-  "version": "9.1.1",
+  "version": "9.2.0",
   "description": "Helper functions for assembling CloudFormation templates in JavaScript",
   "main": "index.js",
   "engines": {

package.json

@@ -88,7 +88,7 @@
       "DependsOn": "MyLambdaRole",
       "DeletionPolicy": "Delete",
       "Properties": {
-        "PolicyName": "MyLambda-lambda-log-access",
+        "PolicyName": { "Fn::Sub": "${AWS::StackName}-MyLambda-lambda-log-access" },
         "Roles": [
           {
             "Ref": "MyLambdaRole"

test/fixtures/shortcuts/event-lambda-custom-eventbus.json

@@ -88,7 +88,9 @@
       "DependsOn": "MyLambdaRole",
       "DeletionPolicy": "Delete",
       "Properties": {
-        "PolicyName": "MyLambda-lambda-log-access",
+        "PolicyName": {
+          "Fn::Sub": "${AWS::StackName}-MyLambda-lambda-log-access"
+        },
         "Roles": [
           {
             "Ref": "MyLambdaRole"
@@ -197,4 +199,4 @@
     }
   },
   "Outputs": {}
-}
+}

test/fixtures/shortcuts/event-lambda-defaults.json

@@ -88,7 +88,9 @@
       "DependsOn": "MyLambdaRole",
       "DeletionPolicy": "Delete",
       "Properties": {
-        "PolicyName": "MyLambda-lambda-log-access",
+        "PolicyName": {
+          "Fn::Sub": "${AWS::StackName}-MyLambda-lambda-log-access"
+        },
         "Roles": [
           {
             "Ref": "MyLambdaRole"
@@ -197,4 +199,4 @@
     }
   },
   "Outputs": {}
-}
+}

test/fixtures/shortcuts/event-lambda-full.json

@@ -226,7 +226,7 @@
       "DependsOn": "PassFunctionRole",
       "DeletionPolicy": "Delete",
       "Properties": {
-        "PolicyName": "PassFunction-lambda-log-access",
+        "PolicyName": { "Fn::Sub": "${AWS::StackName}-PassFunction-lambda-log-access" },
         "Roles": [
           {
             "Ref": "PassFunctionRole"
@@ -368,7 +368,7 @@
       "DependsOn": "DestinationRole",
       "DeletionPolicy": "Delete",
       "Properties": {
-        "PolicyName": "Destination-lambda-log-access",
+        "PolicyName": { "Fn::Sub": "${AWS::StackName}-Destination-lambda-log-access" },
         "Roles": [
           {
             "Ref": "DestinationRole"

test/fixtures/shortcuts/hookshot-github-compatible-legacy-node-runtimes.json

@@ -28,7 +28,7 @@
       "Type": "AWS::ApiGateway::Stage",
       "Properties": {
         "DeploymentId": {
-          "Ref": "PassDeploymentbdbc0f16"
+          "Ref": "PassDeployment6d7d2c50"
         },
         "StageName": "hookshot",
         "RestApiId": {
@@ -47,7 +47,7 @@
         ]
       }
     },
-    "PassDeploymentbdbc0f16": {
+    "PassDeployment6d7d2c50": {
       "Type": "AWS::ApiGateway::Deployment",
       "DependsOn": "PassMethod",
       "Properties": {
@@ -232,7 +232,9 @@
       "DependsOn": "PassFunctionRole",
       "DeletionPolicy": "Delete",
       "Properties": {
-        "PolicyName": "PassFunction-lambda-log-access",
+        "PolicyName": {
+          "Fn::Sub": "${AWS::StackName}-PassFunction-lambda-log-access"
+        },
         "Roles": [
           {
             "Ref": "PassFunctionRole"
@@ -374,7 +376,9 @@
       "DependsOn": "DestinationRole",
       "DeletionPolicy": "Delete",
       "Properties": {
-        "PolicyName": "Destination-lambda-log-access",
+        "PolicyName": {
+          "Fn::Sub": "${AWS::StackName}-Destination-lambda-log-access"
+        },
         "Roles": [
           {
             "Ref": "DestinationRole"
@@ -430,4 +434,4 @@
       }
     }
   }
-}
+}