Hello,
I’m writing a set of endpoints to do some fairly straightforward CRUD on an entity. I need to be able to store a simple audit trail of changes across the multiple endpoints, however.
I’m happy to create an additional CloudWatch Log Group (per stage) and simply write the audit log to this from my code.
I’ve managed to get Serverless to create the Log Group automatically for me (through resources) and I’ve also set up the iamRoleStatements to include the relevant rights to achieve what I need to do. Where I’m struggling, however, is in getting the name of the Log Group in my actual JS code in order to work with it.
Here’s a dummy serverless.yaml I’ve mocked up. It will create a CloudWatch Log Group named along the lines of “dummy-dev-audit-1RMVTZLOM5F0A”. I’d be happy if I either could get that whole string from somewhere (as per environment.auditPathAttempt1) or I’m happy to build it myself if I can figure out what the “1RMVTZLOM5F0A” part is (as per environment.auditPathAttempt2).
```yaml
service: dummy

provider:
  name: aws
  runtime: nodejs6.10
  stage: dev
  region: eu-west-2
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "logs:CreateLogStream"
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:logs:"
            - Ref: AWS::Region
            - ":"
            - Ref: AWS::AccountId
            - ":log-group:"
            - Ref: audit
            - ":*"
    - Effect: "Allow"
      Action:
        - "logs:PutLogEvents"
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:logs:"
            - Ref: AWS::Region
            - ":"
            - Ref: AWS::AccountId
            - ":log-group:"
            - Ref: audit
            - ":*"
  environment:
    auditPathAttempt1: ${AUDIT_RESOURCE_NAME}
    auditPathAttempt2: ${self:service}-${opt:stage, self:provider.stage}-audit-${MYSTERY_STRING}

resources:
  Resources:
    audit:
      Type: AWS::Logs::LogGroup

functions:
  list:
    handler: handler.list
  get:
    handler: handler.get
  create:
    handler: handler.create
  update:
    handler: handler.update
  delete:
    handler: handler.delete
```
Any assistance you could provide would be highly appreciated.
Thank you in advance,
Tommy
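
One way to get the generated name into the handlers, as an added example that is not part of the original post: CloudFormation's `Ref` on an `AWS::Logs::LogGroup` returns the log group name, so it can be passed to the functions as an environment variable and read from `process.env`. The variable name `AUDIT_LOG_GROUP` and the helpers `streamName`, `buildPutParams` and `createAuditor` are hypothetical names chosen for this sketch.

```javascript
'use strict';
// Assumption: serverless.yml exposes the generated name through a variable:
//   environment:
//     AUDIT_LOG_GROUP: { Ref: audit }  # Ref on AWS::Logs::LogGroup returns its name
// `logs` is an aws-sdk v2 client, e.g. new AWS.CloudWatchLogs(), passed in so
// the logic can be exercised without AWS access.
// Stream names may not contain ':' or '*', so use the date plus a caller suffix.
function streamName(now, suffix) {
  return new Date(now).toISOString().slice(0, 10) + '/' + suffix;
}
// Build the PutLogEvents request for a single audit record.
function buildPutParams(group, stream, record, now, token) {
  const params = {
    logGroupName: group,
    logStreamName: stream,
    logEvents: [{ timestamp: now, message: JSON.stringify(record) }]
  };
  if (token) params.sequenceToken = token;
  return params;
}
// Returns audit(record, now) -> Promise. Uses only logs:CreateLogStream and
// logs:PutLogEvents, the two actions granted in the iamRoleStatements above.
function createAuditor(logs, group, stream) {
  if (!group) throw new Error('audit log group name is not configured');
  let ready = null;               // stream creation, done once per container
  let token;                      // nextSequenceToken from the previous put
  let queue = Promise.resolve();  // serialises writes so tokens stay in order
  function ensureStream() {
    if (!ready) {
      ready = logs.createLogStream({ logGroupName: group, logStreamName: stream })
        .promise()
        .catch(err => {
          if (err.code === 'ResourceAlreadyExistsException') return;
          ready = null;           // retry creation on the next write
          throw err;
        });
    }
    return ready;
  }
  return function audit(record, now) {
    const result = queue
      .then(ensureStream)
      .then(() => logs.putLogEvents(buildPutParams(group, stream, record, now, token)).promise())
      .then(res => { token = res.nextSequenceToken; return res; });
    queue = result.catch(() => {});  // a failed write must not block later ones
    return result;
  };
}
```

In a handler this would be created once at module scope, for example `createAuditor(new AWS.CloudWatchLogs(), process.env.AUDIT_LOG_GROUP, streamName(Date.now(), suffix))`, where `suffix` is any per-container unique string.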