Skip to content

Commit

Permalink
[Logs forwarder] update CFT - update lambda permission granting invok…
Browse files Browse the repository at this point in the history 
…e action to cloudwatch (#852)

* [Logs forwarder] update CFT - use forwarder ARN for granting invoke permissions to cloudwatch

* Add source arn field to cloudwatch lambda permission
  • Loading branch information
@ge0Aja
ge0Aja authored Oct 4, 2024
1 parent 285980c commit 67550ba
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions aws/logs_monitoring/template.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -654,13 +654,14 @@ Resources:
CloudWatchLogsPermission:
Type: AWS::Lambda::Permission
Properties:
FunctionName: !Ref "Forwarder"
FunctionName: !GetAtt "Forwarder.Arn"
Action: lambda:InvokeFunction
Principal: !If
- IsAWSChina
- !Sub "logs.${AWS::Region}.amazonaws.com.cn"
- !Sub "logs.${AWS::Region}.amazonaws.com"
- "logs.amazonaws.com.cn"
- "logs.amazonaws.com"
SourceAccount: !Ref "AWS::AccountId"
SourceArn: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
S3Permission:
Type: AWS::Lambda::Permission
Properties:
Expand Down

0 comments on commit 67550ba

Please sign in to comment.