sparse-intern-71089
12/29/2022, 4:48 PMjolly-fall-57688
12/29/2022, 5:58 PMimport pulumi
import pulumi_aws as aws
config = pulumi.Config()
lambda_function_name = config.get("lambdaFunctionName")
if lambda_function_name is None:
lambda_function_name = "lambda_function_name"
# This is to optionally manage the CloudWatch Log Group for the Lambda Function.
# If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
example = aws.cloudwatch.LogGroup("example", retention_in_days=14)
# See also the following AWS managed policy: AWSLambdaBasicExecutionRole
lambda_logging = aws.iam.Policy("lambdaLogging",
path="/",
description="IAM policy for logging from a lambda",
policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*",
"Effect": "Allow"
}
]
}
""")
lambda_logs = aws.iam.RolePolicyAttachment("lambdaLogs",
role=aws_iam_role["iam_for_lambda"]["name"],
policy_arn=lambda_logging.arn)
test_lambda = aws.lambda_.Function("testLambda", opts=pulumi.ResourceOptions(depends_on=[
lambda_logs,
example,
]))