diff --git a/lib/plugins/aws/package/lib/mergeIamTemplates.js b/lib/plugins/aws/package/lib/mergeIamTemplates.js index cb74e820d..2698be83f 100644 --- a/lib/plugins/aws/package/lib/mergeIamTemplates.js +++ b/lib/plugins/aws/package/lib/mergeIamTemplates.js @@ -83,33 +83,32 @@ module.exports = { } ); - this.serverless.service.getAllFunctions().forEach((functionName) => { - const functionObject = this.serverless.service.getFunction(functionName); + const logGroupsPrefix = this.provider.naming + .getLogGroupName(`${this.provider.serverless.service.service}-${this.provider.getStage()}`); - this.serverless.service.provider.compiledCloudFormationTemplate - .Resources[this.provider.naming.getRoleLogicalId()] - .Properties - .Policies[0] - .PolicyDocument - .Statement[0] - .Resource - .push({ - 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}' + - `:log-group:${this.provider.naming.getLogGroupName(functionObject.name)}:*`, - }); + this.serverless.service.provider.compiledCloudFormationTemplate + .Resources[this.provider.naming.getRoleLogicalId()] + .Properties + .Policies[0] + .PolicyDocument + .Statement[0] + .Resource + .push({ + 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}' + + `:log-group:${logGroupsPrefix}*:*`, + }); - this.serverless.service.provider.compiledCloudFormationTemplate - .Resources[this.provider.naming.getRoleLogicalId()] - .Properties - .Policies[0] - .PolicyDocument - .Statement[1] - .Resource - .push({ - 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}' + - `:log-group:${this.provider.naming.getLogGroupName(functionObject.name)}:*:*`, - }); - }); + this.serverless.service.provider.compiledCloudFormationTemplate + .Resources[this.provider.naming.getRoleLogicalId()] + .Properties + .Policies[0] + .PolicyDocument + .Statement[1] + .Resource + .push({ + 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}' + + `:log-group:${logGroupsPrefix}*:*:*`, + }); if (this.serverless.service.provider.iamRoleStatements) { // add custom iam role statements diff --git a/lib/plugins/aws/package/lib/mergeIamTemplates.test.js b/lib/plugins/aws/package/lib/mergeIamTemplates.test.js index 43df16c77..59a41473c 100644 --- a/lib/plugins/aws/package/lib/mergeIamTemplates.test.js +++ b/lib/plugins/aws/package/lib/mergeIamTemplates.test.js @@ -50,7 +50,9 @@ describe('#mergeIamTemplates()', () => { it('should merge the IamRoleLambdaExecution template into the CloudFormation template', () => awsPackage.mergeIamTemplates() .then(() => { - const qualifiedFunction = awsPackage.serverless.service.getFunction(functionName).name; + const canonicalFunctionsPrefix = + `${awsPackage.serverless.service.service}-${awsPackage.provider.getStage()}`; + expect(awsPackage.serverless.service.provider.compiledCloudFormationTemplate .Resources[awsPackage.provider.naming.getRoleLogicalId()] ).to.deep.equal({ @@ -96,7 +98,7 @@ describe('#mergeIamTemplates()', () => { Resource: [ { 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:' - + `log-group:/aws/lambda/${qualifiedFunction}:*`, + + `log-group:/aws/lambda/${canonicalFunctionsPrefix}*:*`, }, ], }, @@ -108,7 +110,7 @@ describe('#mergeIamTemplates()', () => { Resource: [ { 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:' - + `log-group:/aws/lambda/${qualifiedFunction}:*:*`, + + `log-group:/aws/lambda/${canonicalFunctionsPrefix}*:*:*`, }, ], }, @@ -374,91 +376,6 @@ describe('#mergeIamTemplates()', () => { }); }); - it('should update IamRoleLambdaExecution with a logging resource for the function', () => { - const qualifiedFunction = awsPackage.serverless.service.getFunction(functionName).name; - return awsPackage.mergeIamTemplates().then(() => { - expect(awsPackage.serverless.service.provider.compiledCloudFormationTemplate - .Resources[awsPackage.provider.naming.getRoleLogicalId()] - .Properties - .Policies[0] - .PolicyDocument - .Statement[0] - .Resource - ).to.deep.equal([ - { - 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:' - + `log-group:/aws/lambda/${qualifiedFunction}:*`, - }, - ]); - expect(awsPackage.serverless.service.provider.compiledCloudFormationTemplate - .Resources[awsPackage.provider.naming.getRoleLogicalId()] - .Properties - .Policies[0] - .PolicyDocument - .Statement[1] - .Resource - ).to.deep.equal([ - { - 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:' - + `log-group:/aws/lambda/${qualifiedFunction}:*:*`, - }, - ]); - }); - }); - - it('should update IamRoleLambdaExecution with each function\'s logging resources', () => { - awsPackage.serverless.service.functions = { - func0: { - handler: 'func.function.handler', - name: 'func0', - }, - func1: { - handler: 'func.function.handler', - name: 'func1', - }, - }; - return awsPackage.mergeIamTemplates().then(() => { - expect(awsPackage.serverless.service.provider.compiledCloudFormationTemplate - .Resources[awsPackage.provider.naming.getRoleLogicalId()] - .Properties - .Policies[0] - .PolicyDocument - .Statement[0] - .Resource - ).to.deep.equal( - [ - { - 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:' - + 'log-group:/aws/lambda/func0:*', - }, - { - 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:' - + 'log-group:/aws/lambda/func1:*', - }, - ] - ); - expect(awsPackage.serverless.service.provider.compiledCloudFormationTemplate - .Resources[awsPackage.provider.naming.getRoleLogicalId()] - .Properties - .Policies[0] - .PolicyDocument - .Statement[1] - .Resource - ).to.deep.equal( - [ - { - 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:' - + 'log-group:/aws/lambda/func0:*:*', - }, - { - 'Fn::Sub': 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:' - + 'log-group:/aws/lambda/func1:*:*', - }, - ] - ); - }); - }); - it('should add default role if one of the functions has an ARN role', () => { awsPackage.serverless.service.functions = { func0: {