cloudwatch_logs.tf
# Log group for the Lambda function, managed by Terraform so that its
# retention and encryption settings are set here instead of being left to
# whatever creates the group at first invocation.
resource "aws_cloudwatch_log_group" "cloudwatch_logs" {
  # Lambda writes to /aws/lambda/<function name> by default; deriving the
  # name from the function resource keeps the two in step.
  name = "/aws/lambda/${aws_lambda_function.this.function_name}"

  # Fixed 90-day retention.
  # NOTE(review): confirm 90 days covers the audit / incident-response
  # look-back this workload needs; events older than that are deleted.
  retention_in_days = 90

  # Customer-managed KMS key for encryption at rest.
  # NOTE(review): var.kms_key_arn is declared outside this file. If it may
  # be null, the group is created without a customer-managed key, so check
  # the variable's default and validation. The key policy must also allow
  # the CloudWatch Logs service to use the key.
  kms_key_id = var.kms_key_arn
}
# Least-privilege logging permissions for the Lambda execution role.
# Only stream creation and event writes are granted, and only on the log
# group managed in this file. logs:CreateLogGroup is not granted, so the
# function cannot create a log group of its own outside Terraform's
# retention and KMS settings.
data "aws_iam_policy_document" "cloudwatch_logs" {
  statement {
    sid    = "AllowCloudWatchLogs"
    effect = "Allow" # the data source's default, written out for readers

    actions = [
      "logs:PutLogEvents",
      "logs:CreateLogStream",
    ]

    # "<log group arn>:*" scopes the grant to this group and its streams.
    resources = [
      "${aws_cloudwatch_log_group.cloudwatch_logs.arn}:*",
    ]
  }

  # not required, works without...
  # NOTE(review): "logs:PutMetricData" below is not a CloudWatch Logs
  # action; the action that publishes metrics is "cloudwatch:PutMetricData",
  # and the cloudwatch:namespace condition key applies to that action. If
  # this statement is ever enabled, fix the action name and keep the
  # namespace condition, since the resource has to be "*".
  # statement {
  #   sid       = "AllowCloudWatchMetrics"
  #   actions   = [ "logs:PutMetricData" ]
  #   resources = [ "*" ]
  #   condition {
  #     test     = "StringEquals"
  #     variable = "cloudwatch:namespace"
  #     values   = [ "AWS/Lambda" ]
  #   }
  # }
}
# Customer-managed IAM policy carrying the logging permissions rendered by
# data.aws_iam_policy_document.cloudwatch_logs.
resource "aws_iam_policy" "cloudwatch_logs" {
  # Name, description and path are all derived from var.name, so the policy
  # can be traced back to the module instance that created it.
  # NOTE(review): var.name is declared outside this file; it needs to stay
  # within the characters IAM accepts in names and paths.
  name        = "lambda_cloudwatch_${var.name}"
  path        = "/lambda/${var.name}/"
  description = "lambda_cloudwatch_${var.name}"

  policy = data.aws_iam_policy_document.cloudwatch_logs.json
}
# Attaches the logging policy to the Lambda execution role.
# This manages only this one attachment; any other policies attached to
# the same role are outside its control and should be reviewed separately
# when checking the role's effective permissions.
resource "aws_iam_role_policy_attachment" "cloudwatch_logs" {
  policy_arn = aws_iam_policy.cloudwatch_logs.arn

  # local.role_name is defined elsewhere in the module.
  # NOTE(review): presumably the function's execution role; confirm.
  role = local.role_name
}