
Commit 9df4c76

committed
chore: allow lambda to log to cloudwatch
1 parent c37dced commit 9df4c76


4 files changed

+38
-4
lines changed


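--- a/infra/modules/aws/lambda/data.tf
+++ b/infra/modules/aws/lambda/data.tf
@@ -39,8 +39,8 @@ data "aws_iam_policy_document" "codedeploy_lambda" {
 "lambda:ListVersionsByFunction",
 ]
 resources = [
-aws_lambda_function.fn.arn,
-"${aws_lambda_function.fn.arn}:*",
+aws_lambda_function.lambda.arn,
+"${aws_lambda_function.lambda.arn}:*",
 ]
 }
 
@@ -51,3 +51,21 @@ data "aws_iam_policy_document" "codedeploy_lambda" {
 resources = ["*"]
 }
 }
+
+data "aws_iam_policy_document" "lambda_iam_policy" {
+statement {
+sid = "AllowLambdaCloudwatchLogGroupPut"
+
+actions = [
+"logs:CreateLogStream",
+"logs:PutLogEvents"
+]
+
+effect = "Allow"
+
+resources = [
+"${aws_cloudwatch_log_group.lambda_cloudwatch_group.arn}",
+"${aws_cloudwatch_log_group.lambda_cloudwatch_group.arn}:*"
+]
+}
+}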
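Review bot: The new `lambda_iam_policy` document is not referenced by any role or policy resource in the four files this commit touches, so unless an attachment already exists elsewhere the function's execution role still cannot write to the log group. Confirm that a resource such as an `aws_iam_role_policy` on the Lambda role consumes `data.aws_iam_policy_document.lambda_iam_policy.json`. The statement is scoped to the one log group and leaves out `logs:CreateLogGroup`, which suits a Terraform-managed group; a comment such as `# logs:CreateLogGroup omitted on purpose: the group is managed in main.tf` would keep it from being widened later. The first resource entry can drop the interpolation wrapper and read `aws_cloudwatch_log_group.lambda_cloudwatch_group.arn`. On AWS provider versions before 3.0 the `arn` attribute already ended in `:*`, so the second entry is worth checking against the pinned provider version.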

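--- a/infra/modules/aws/lambda/main.tf
+++ b/infra/modules/aws/lambda/main.tf
@@ -25,6 +25,11 @@ resource "aws_lambda_function" "lambda" {
 }
 }
 
+resource "aws_cloudwatch_log_group" "lambda_cloudwatch_group" {
+name = "/aws/lambda/${local.lambda_name}"
+retention_in_days = var.log_retention_days
+}
+
 resource "aws_lambda_alias" "live" {
 name = var.environment
 function_name = aws_lambda_function.lambda.arn
@@ -62,4 +67,4 @@ resource "aws_codedeploy_deployment_group" "dg" {
 enabled = true
 events = ["DEPLOYMENT_FAILURE", "DEPLOYMENT_STOP_ON_ALARM"]
 }
-}
+}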
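Review bot: Nothing in the visible hunk makes `aws_lambda_function.lambda` wait for the new log group, so a first invocation can happen before the group and its retention setting exist. Because the execution policy added in data.tf does not grant `logs:CreateLogGroup`, output from such an invocation would presumably be dropped rather than land in an auto-created group. Adding `depends_on = [aws_cloudwatch_log_group.lambda_cloudwatch_group]` to the function resource, whose body lies outside this hunk, closes that gap. The group name also relies on `local.lambda_name` matching the function's `function_name`, which is not shown here. If these logs can carry sensitive data, consider setting `kms_key_id` on the group.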

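--- a/infra/modules/aws/lambda/outputs.tf
+++ b/infra/modules/aws/lambda/outputs.tf
@@ -4,4 +4,8 @@ output "name" {
 
 output "arn" {
 value = aws_lambda_function.lambda.arn
-}
+}
+
+output "cloudwatch_log_group" {
+value = aws_cloudwatch_log_group.lambda_cloudwatch_group.name
+}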

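--- a/infra/modules/aws/lambda/variables.tf
+++ b/infra/modules/aws/lambda/variables.tf
@@ -27,3 +27,10 @@ variable "lambda_version" {
 description = "Lambda code version to be deployed. Used in locating zip file keys"
 }
 ### end of dynamic vars required for resources ###
+
+
+variable "log_retention_days" {
+type = number
+description = "Number of days to hold logs"
+default = 1
+}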
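Review bot: A default of `1` for `log_retention_days` means any environment that does not override it loses its Lambda logs after a day, which leaves very little to work with during an incident investigation. Consider dropping the default so each caller chooses explicitly, or raising it to match the project's log-retention requirement. CloudWatch Logs accepts only a fixed set of retention values, and the description could say so: `description = "Days to retain Lambda logs in CloudWatch Logs; must be a retention value CloudWatch accepts (e.g. 1, 7, 30, 90)"`.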
