events: log group target #20855
Comments
Possible workaround

If you do not like to have a custom lambda managing the policy, you can create a dummy resource which prevents the construct from creating the custom resource lambda.

Because of the breaking change, would need a feature flag

Possibly changing the

```ts
/**
 * Returns a RuleTarget that can be used to log an event into a CloudWatch LogGroup
 */
public bind(_rule: events.IRule, _id?: string): events.RuleTargetConfig {
  const logGroupStack = cdk.Stack.of(this.logGroup);

  if (this.props.event && this.props.logEvent) {
    throw new Error('Only one of "event" or "logEvent" can be specified');
  }

  this.target = this.props.event?.bind(_rule);
  if (this.target?.inputPath || this.target?.input) {
    throw new Error('CloudWatchLogGroup targets does not support input or inputPath');
  }

  _rule.node.addValidation({ validate: () => this.validateInputTemplate() });

  this.logGroup.grantWrite(new iam.ServicePrincipal('events.amazonaws.com'));

  return {
    ...bindBaseTargetConfig(this.props),
    arn: logGroupStack.formatArn({
      service: 'logs',
      resource: 'log-group',
      arnFormat: ArnFormat.COLON_RESOURCE_NAME,
      resourceName: this.logGroup.logGroupName,
    }),
    input: this.props.event ?? this.props.logEvent,
    targetResource: this.logGroup,
  };
}
```

With potential unit test, something like this:

```ts
test('grant write permissions to log group', () => {
  // GIVEN
  const stack = new cdk.Stack();
  const logGroup = new logs.LogGroup(stack, 'MyLogGroup', {
    logGroupName: '/aws/events/MyLogGroup',
  });
  const rule1 = new events.Rule(stack, 'Rule', {
    schedule: events.Schedule.rate(cdk.Duration.minutes(1)),
  });

  // WHEN
  rule1.addTarget(new targets.CloudWatchLogGroup(logGroup));

  // THEN
  Template.fromStack(stack).hasResourceProperties('AWS::Logs::ResourcePolicy', {
    PolicyDocument: {
      Statement: [
        {
          Action: ['logs:CreateLogStream', 'logs:PutLogEvents'],
          Effect: 'Allow',
          Principal: { Service: 'events.amazonaws.com' },
          Resource: { 'Fn::GetAtt': ['MyLogGroup5C0DAD85', 'Arn'] },
        },
      ],
    },
  });
});
```

I was planning to do it myself, but I can't seem to get the integration tests to run without my computer freezing up and making intense fan revving sounds similar to a jet engine. 😅

Describe the feature
In #10598, the author added support for a CloudWatch Logs log group as a target of an EventBridge event bus. The author noted that at that time, CloudFormation did not have support for CWL resource policy; they used a custom lambda to manipulate the policy. Since then, CFN added the resource support and another author added support in #17015.
Now the custom resource added in #10598 can be removed in favour of the native support.
Note that this may be a breaking change as CDK needs to manage the resource policy by importing it to the stack.
Use Case
Removing tech debt. Custom resource lambda functions require an S3 bucket to provision the code.
Proposed Solution
No response
Other Information
No response
Acknowledgements
CDK version used
2.29.0
Environment details (OS name and version, etc.)
N/A