Support writing Lambda logs (pulumi#555)

Also add a couple things to the global .gitignore.
ctmcisco · Feb 14, 2020 · ec4f13c · ec4f13c
1 parent 974ec15
commit ec4f13c
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -16,6 +16,8 @@ Pulumi.*.yaml
 *.iml
 key.rsa*
 obj/
+vendor
+Gopkg.lock
 
 # Java app
 .gradle/

diff --git a/aws-go-lambda/main.go b/aws-go-lambda/main.go
@@ -26,6 +26,23 @@ func main() {
  return err
  }
 
+ // Attach a policy to allow writing logs to CloudWatch
+ logPolicy, err := iam.NewRolePolicy(ctx, "lambda-log-policy", &iam.RolePolicyArgs{
+ Role: role.Name,
+ Policy: pulumi.String(`{
+ "Version": "2012-10-17",
+ "Statement": [{
+ "Effect": "Allow",
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ "Resource": "arn:aws:logs:*:*:*"
+ }]
+ }`),
+ })
+
  // Set arguments for constructing the function resource.
  args := &lambda.FunctionArgs{
  Handler: pulumi.String("handler"),
@@ -35,7 +52,12 @@ func main() {
  }
 
  // Create the lambda using the args.
- function, err := lambda.NewFunction(ctx, "basicLambda", args)
+ function, err := lambda.NewFunction(
+ ctx,
+ "basicLambda",
+ args,
+ pulumi.DependsOn([]pulumi.Resource{logPolicy}),
+ )
  if err != nil {
  return err
  }