
Commit 494d129

committed
Fix tests after adding access logging.
1 parent d8150b4 commit 494d129


2 files changed

+51
-1
lines changed


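--- a/modules/stage/locals.tf
+++ b/modules/stage/locals.tf
@@ -6,6 +6,8 @@ locals {
 include_dns_record = var.include_dns_record == null ? true : var.include_dns_record
 enable_auto_deploy = var.enable_auto_deploy == null ? true : var.enable_auto_deploy
 
+sanitised_name = replace(var.name, "$", "")
+
 default_tags = local.include_default_tags == true ? {
 Component = var.component
 DeploymentIdentifier = var.deployment_identifier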
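Review bot: `sanitised_name` at new line 9 strips only `$` and carries no comment saying why, so the next reader cannot tell which names it is meant to make safe. Presumably it exists for the `$default` stage name; if so, a comment such as `# "$default" contains "$", which is not accepted in the log group and IAM role names built from this value` would record that. Because the result feeds a log group name and two IAM names in log_group.tf, a stage called `default` and one called `$default` under the same component and deployment identifier would map to the same resource names, and any other character those services reject in `var.name` still passes through. A `validation` block on `var.name`, or a stricter replace, would turn that into a plan-time error rather than an apply-time failure. The `locals` block starts and ends outside this hunk.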

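--- a/modules/stage/log_group.tf
+++ b/modules/stage/log_group.tf
@@ -1,3 +1,51 @@
 resource "aws_cloudwatch_log_group" "access_logs" {
-name = "/${var.component}/${var.deployment_identifier}/api-gateway/${var.name}"
+name = "/${var.component}/${var.deployment_identifier}/api-gateway/${local.sanitised_name}"
+}
+
+data "aws_iam_policy_document" "api_gateway_assume_role_policy" {
+statement {
+actions = ["sts:AssumeRole"]
+
+principals {
+identifiers = [
+"apigateway.amazonaws.com"
+]
+type = "Service"
+}
+
+effect = "Allow"
+}
+}
+
+data "aws_iam_policy_document" "api_gateway_logging_policy" {
+statement {
+effect = "Allow"
+actions = [
+"logs:CreateLogGroup",
+"logs:CreateLogStream",
+"logs:DescribeLogGroups",
+"logs:DescribeLogStreams",
+"logs:PutLogEvents",
+"logs:GetLogEvents",
+"logs:FilterLogEvents"
+]
+resources = [
+"*"
+]
+}
+}
+
+resource "aws_iam_role" "api_gateway_logging_role" {
+name = "api-gateway-logging-role-${var.component}-${var.deployment_identifier}-${local.sanitised_name}"
+assume_role_policy = data.aws_iam_policy_document.api_gateway_assume_role_policy.json
+}
+
+resource "aws_iam_role_policy" "api_gateway_logging_role_policy" {
+name = "api-gateway-logging-policy-${var.component}-${var.deployment_identifier}-${local.sanitised_name}"
+role = aws_iam_role.api_gateway_logging_role.name
+policy = data.aws_iam_policy_document.api_gateway_logging_policy.json
+}
+
+resource "aws_api_gateway_account" "api_gateway_account" {
+cloudwatch_role_arn = aws_iam_role.api_gateway_logging_role.arn
 }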
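Review bot: `aws_api_gateway_account` at new lines 49-51 is a region-wide account setting, yet it is declared in the per-stage module and pointed at a role whose name includes the stage name. Every instance of this module in the same account and region will therefore rewrite `cloudwatch_role_arn` to its own role, so the last apply wins. Destroying one stage can then delete the role the account setting still references, which would silently stop API Gateway logging for the other APIs in that region. The role, its policy and the account setting would sit better in a module applied once per account and region, leaving the stage module to create only the access log group. Separately, `api_gateway_logging_policy` grants `logs:GetLogEvents` and `logs:FilterLogEvents` on `resources = ["*"]`, which is read access to every log group in the account. This appears to mirror the AWS managed push-to-CloudWatch policy, so either add a comment saying the breadth is deliberate or confirm whether the two read actions can be dropped.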
