provider/aws: cloudwatch_logs_subscription_filter resource #5996
Conversation
apparentlymart
changed the title
joshmyers
force-pushed
the
cwl_subscription_filter
branch
from
de0ea2a
to
0bfd781
Compare
|
Hi @joshmyers thanks so much for the PR, on trying to start reviewing this, I ran the tests and got the following: Please can you have a look at these? Thanks Paul |
stack72
added
the
waiting-response
joshmyers
force-pushed
the
cwl_subscription_filter
branch
from
0bfd781
to
719c93e
Compare
|
@stack72 I've fixed up the tests and rebased |
|
Hi @joshmyers this all looks good - there is 1 issue that we see in a few places right now This is due to IAM eventual consistency issues. I will speak to some of HC team about that before I merge I will keep you informed Paul |
|
@stack72 I can't reproduce this locally but I guess it is intermittent. Would be great to get this merged as we are using our fork of TF and have fallen behind a few releases. |
|
@stack72 Good talk last night, was hoping to catch up with you after but it went on longer than expected. Is there any update on this? |
|
Hi @joshmyers Glad you enjoyed the talk. I haven't been able to reproduce this error again so this is good to merge Thanks for all the work here :) Paul |
stack72
removed
the
waiting-response
|
Hello friends –
Unfortunately, I am not a IAM / Policy Guru, can anyone shed some light on what we're missing here in the config? resource "aws_cloudwatch_log_subscription_filter" "test_lambdafunction_logfilter" {
name = "test_lambdafunction_logfilter"
log_group_name = "example_lambda_name"
filter_pattern = "logtype test"
destination_arn = "${aws_lambda_function.test_lambdafunction.arn}"
}
resource "aws_lambda_function" "test_lambdafunction" {
filename = "test-fixtures/lambdatest.zip"
function_name = "example_lambda_name"
role = "${aws_iam_role.iam_for_lambda.arn}"
handler = "exports.handler"
}
resource "aws_cloudwatch_log_group" "logs" {
name = "example_lambda_name"
retention_in_days = 1
}
resource "aws_lambda_permission" "allow_cloudwatch_logs" {
statement_id = "AllowExecutionFromCloudWatchLogs"
action = "lambda:*"
function_name = "${aws_lambda_function.test_lambdafunction.arn}"
principal = "logs.eu-west-1.amazonaws.com"
}
resource "aws_iam_role" "iam_for_lambda" {
name = "test_lambdafuntion_iam_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_iam_role_policy" "test_lambdafunction_iam_policy" {
name = "test_lambdafunction_iam_policy"
role = "${aws_iam_role.iam_for_lambda.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1441111030000",
"Effect": "Allow",
"Action": [
"dynamodb:*"
],
"Resource": [
"*"
]
}
]
}
EOF
} |
|
@catsby I originally thought this would be YAIAMECI™ (yet another IAM eventual consistency issue), but probably not this time. I took the exact config you pasted above, just changed All of our acceptance tests run in |
|
Oh no! Hard coded string :( my AWS creds have a default of region of eu-west so I didn't even notice that. Doh! |
|
@radeksimko BRILLIANT thank you :) |
|
Hi folks, just seen this.While writing tests I saw others which used a hardcoded string so I did the same. I thought it doesn't feel right but didn't get picked up. Apologies! |
|
@joshmyers no worries! (sorry for the very late reply) |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
Instead of #4813