Pull resource name into environment variable

Hello,

I’m writing a set of endpoints to do some fairly straight-forward CRUD on an entity. I need to be able to store a simple audit trail of changes across the multiple endpoints however.

I’m happy to create an additional CloudWatch Log Group (per stage) and simply write the audit log to this from my code.

I’ve managed to get Serverless to create the Log Group automatically for me (through resources) and I’ve also set up the iamRoleStatements to include the relevant rights to achieve what I need to do. Where I’m struggling however is in getting the name of the Log Group in my actual JS code in order to work with it.

Here’s a dummy serverless.yaml I’ve mocked up. It will create a CloudWatch Log Group named along the lines of “dummy-dev-audit-1RMVTZLOM5F0A”. I’d be happy if I either could get that whole string from somewhere (as per environment.auditPathAttempt1) or I’m happy to build it myself if I can figure out what the “1RMVTZLOM5F0A” part is (as per environment.auditPathAttempt2).

```yaml
service: dummy

provider:
  name: aws
  runtime: nodejs6.10
  stage: dev
  region: eu-west-2

  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "logs:CreateLogStream"
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:logs:"
            - Ref: AWS::Region
            - ":"
            - Ref: AWS::AccountId
            - ":log-group:"
            - Ref: audit
            - ":*"
    - Effect: "Allow"
      Action:
        - "logs:PutLogEvents"
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:logs:"
            - Ref: AWS::Region
            - ":"
            - Ref: AWS::AccountId
            - ":log-group:"
            - Ref: audit
            - ":*"

  environment:
    auditPathAttempt1: ${AUDIT_RESOURCE_NAME}
    auditPathAttempt2: ${self:service}-${opt:stage, self:provider.stage}-audit-${MYSTERY_STRING}

resources:
  Resources:
    audit:
      Type: AWS::Logs::LogGroup

functions:
  list:
    handler: handler.list
  get:
    handler: handler.get
  create:
    handler: handler.create
  update:
    handler: handler.update
  delete:
    handler: handler.delete
```

Any assistance you could provide would be highly appreciated.

Thank you in advance,

Tommy

Please use backticks to quote your code samples, as it preserves formatting (which is very important in your serverless.yml).

You’ll need to create your log group and pass a reference to it in to your function.

One approach will be to create your audit log group separately, and export the name as an output and then reference via the CloudFormation output variables.

Another way that might work (but I haven’t tested) is using the CloudFormation Ref function in your function’s environment variables, and pulling the log group reference that way - it will only work if the Ref object is passed through to function’s CFN definition directly (and I haven’t looked at the code recently).


Thanks for the tips.

Using the Ref function worked great, I would never have expected that I could use it there!

Glad it worked.

Most (but not all) of what you put in the serverless.yml ends up in your CloudFormation template, which means you can use all the Serverless goodies (e.g. variables, etc) and CFN goodies (e.g. Ref, etc). It’s one of my favourite things about SLS.

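The `Ref` approach that resolved the thread, seen from the handler side, as an added example that is not code from any of the posters: the log group name arrives in an environment variable and the handler writes one audit record using only the two IAM actions granted in the question. The variable name `AUDIT_LOG_GROUP`, the `writeAudit` helper and the record fields are assumptions made for illustration.

```javascript
// Added example. Assumes serverless.yml passes the log group name to the
// functions through CloudFormation Ref (variable name is an assumption):
//   provider:
//     environment:
//       AUDIT_LOG_GROUP:
//         Ref: audit        # Ref on AWS::Logs::LogGroup yields its name

// Resolve the log group name and fail loudly if the deploy did not set it,
// so a missing variable can never turn into a silently skipped audit write.
function auditLogGroup(env) {
  const name = (env || process.env).AUDIT_LOG_GROUP;
  if (!name) throw new Error('AUDIT_LOG_GROUP is not set');
  return name;
}

// Write one audit record. `logs` is a CloudWatch Logs client such as
// new (require('aws-sdk')).CloudWatchLogs(); it is injected so the helper
// can be exercised offline with a stand-in client.
// Each record goes to its own log stream: the first PutLogEvents on a new
// stream needs no sequence token, and only logs:CreateLogStream and
// logs:PutLogEvents are required.
function writeAudit(logs, env, record) {
  const logGroupName = auditLogGroup(env);
  const logStreamName = record.action + '-' + record.requestId;
  const message = JSON.stringify({
    action: record.action,       // e.g. "create", "update", "delete"
    entityId: record.entityId,
    actor: record.actor,
  });
  return logs.createLogStream({ logGroupName, logStreamName }).promise()
    .then(() => logs.putLogEvents({
      logGroupName,
      logStreamName,
      logEvents: [{ timestamp: record.timestamp, message }],
    }).promise())
    .then(() => ({ logGroupName, logStreamName }));
}
```

Because the name is resolved at deploy time, each stage's functions receive their own stage's log group without the code knowing the generated suffix.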