-
Notifications
You must be signed in to change notification settings - Fork 4k
/
log-group.ts
60 lines (54 loc) · 2 KB
/
log-group.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
import * as events from '@aws-cdk/aws-events';
import * as iam from '@aws-cdk/aws-iam';
import * as logs from '@aws-cdk/aws-logs';
import * as cdk from '@aws-cdk/core';
import { LogGroupResourcePolicy } from './log-group-resource-policy';
import { TargetBaseProps, bindBaseTargetConfig } from './util';
/**
* Customize the CloudWatch LogGroup Event Target
*/
export interface LogGroupProps extends TargetBaseProps {
/**
* The event to send to the CloudWatch LogGroup
*
* This will be the event logged into the CloudWatch LogGroup
*
* @default - the entire EventBridge event
*/
readonly event?: events.RuleTargetInput;
}
/**
* Use an AWS CloudWatch LogGroup as an event rule target.
*/
export class CloudWatchLogGroup implements events.IRuleTarget {
constructor(private readonly logGroup: logs.ILogGroup, private readonly props: LogGroupProps = {}) {}
/**
* Returns a RuleTarget that can be used to log an event into a CloudWatch LogGroup
*/
public bind(_rule: events.IRule, _id?: string): events.RuleTargetConfig {
// Use a custom resource to set the log group resource policy since it is not supported by CDK and cfn.
const resourcePolicyId = `EventsLogGroupPolicy${_rule.node.uniqueId}`;
const logGroupStack = cdk.Stack.of(this.logGroup);
if (!this.logGroup.node.tryFindChild(resourcePolicyId)) {
new LogGroupResourcePolicy(logGroupStack, resourcePolicyId, {
policyStatements: [new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
actions: ['logs:PutLogEvents', 'logs:CreateLogStream'],
resources: [this.logGroup.logGroupArn],
principals: [new iam.ServicePrincipal('events.amazonaws.com')],
})],
});
}
return {
...bindBaseTargetConfig(this.props),
arn: logGroupStack.formatArn({
service: 'logs',
resource: 'log-group',
sep: ':',
resourceName: this.logGroup.logGroupName,
}),
input: this.props.event,
targetResource: this.logGroup,
};
}
}