update statmentId for the cloudwatch integrations

Author: guyrenny

CHANGELOG.md

@@ -1,4 +1,9 @@
 # Changelog
+
+## v1.0.11 / 2024-07-30
+### 🧰 Bug fixes 🧰
+- fix bug when trying to deploy CloudWatch integration with log group, with a name longer than 70 letters.
+
 ## v1.0.10 / 2024-07-23
 ### 💡 Enhancements 💡
 - Improved tamplate.yaml

custom-resource/index.py

@@ -409,10 +409,11 @@ def create(self):
 
         if LambdaPremissionPrefix and LambdaPremissionPrefix != [""]:
             for prefix in LambdaPremissionPrefix:
+                replaced_prefix =  self.check_statmentid_length(prefix)
                 try:
                     self.aws_lambda.add_permission(
                     FunctionName=lambda_arn,
-                    StatementId=f'allow-trigger-from-{prefix.replace("/", "-")}-log-groups',
+                    StatementId=f'allow-trigger-from-{replaced_prefix.replace("/", "-")}-log-groups',
                     Action='lambda:InvokeFunction',
                     Principal='logs.amazonaws.com',
                     SourceArn=f'arn:aws:logs:{region}:{account_id}:log-group:{prefix}*:*',
@@ -427,9 +428,10 @@ def create(self):
             )
             if not LambdaPremissionPrefix or LambdaPremissionPrefix == [""]:
                 if not response.get("subscriptionFilters") or response.get("subscriptionFilters")[0].get("destinationArn") != lambda_arn:
+                    replaced_prefix =  self.check_statmentid_length(log_group)
                     response = self.aws_lambda.add_permission(
                         FunctionName=lambda_arn,
-                        StatementId=f'allow-trigger-from-{log_group.replace("/", "-")}',
+                        StatementId=f'allow-trigger-from-{replaced_prefix.replace("/", "-")}',
                         Action='lambda:InvokeFunction',
                         Principal='logs.amazonaws.com',
                         SourceArn=f'arn:aws:logs:{region}:{account_id}:log-group:{log_group}:*',
@@ -442,6 +444,15 @@ def create(self):
                 logGroupName=log_group
             )
 
+    @handle_exceptions
+    def check_statmentid_length(self, statmentid_prefix):
+        updated_prefix = statmentid_prefix
+        if len(statmentid_prefix) >= 70: # StatementId length limit is 100
+            updated_prefix = statmentid_prefix[:65] + statmentid_prefix[-5:]
+        else:
+            updated_prefix = statmentid_prefix
+        return updated_prefix
+
     @handle_exceptions
     def update(self):
         err = self.delete()
@@ -466,9 +477,10 @@ def delete(self):
                         logGroupName=log_group
                     )
                 if not LambdaPremissionPrefix:
+                    replaced_prefix =  self.check_statmentid_length(log_group)
                     response = self.aws_lambda.remove_permission(
                         FunctionName=lambda_arn,
-                        StatementId=f'allow-trigger-from-{log_group.replace("/", "-")}'
+                        StatementId=f'allow-trigger-from-{replaced_prefix.replace("/", "-")}'
                     )
 
     def handle(self):

template.yaml

@@ -25,7 +25,7 @@ Metadata:
       - kinesis
       - cloudfront
     HomePageUrl: https://coralogix.com
-    SemanticVersion: 1.0.10
+    SemanticVersion: 1.0.11
     SourceCodeUrl: https://github.com/coralogix/coralogix-aws-shipper
 
   AWS::CloudFormation::Interface: