fix: updated compileCloudWatchLogGroup to not create new role when ro…

…leArn is provided
sid88in · Dec 13, 2023 · ab81575 · ab81575
1 parent 05164d8
commit ab81575
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 8 deletions.
diff --git a/src/__tests__/api.test.ts b/src/__tests__/api.test.ts
@@ -327,6 +327,45 @@ describe('Api', () => {
         }
       `);
     });
+
+    it('should compile CloudWatch Resources without additional IAM Role when logging roleARN is provided', () => {
+      const api = new Api(
+        given.appSyncConfig({
+          logging: {
+            level: 'ERROR',
+            retentionInDays: 14,
+            enabled: true,
+            roleArn: 'arn:',
+          },
+        }),
+        plugin,
+      );
+
+      expect(api.compileCloudWatchLogGroup()).toMatchInlineSnapshot(`
+        Object {
+          "GraphQlApiLogGroup": Object {
+            "Properties": Object {
+              "LogGroupName": Object {
+                "Fn::Join": Array [
+                  "/",
+                  Array [
+                    "/aws/appsync/apis",
+                    Object {
+                      "Fn::GetAtt": Array [
+                        "GraphQlApi",
+                        "ApiId",
+                      ],
+                    },
+                  ],
+                ],
+              },
+              "RetentionInDays": 14,
+            },
+            "Type": "AWS::Logs::LogGroup",
+          },
+        }
+      `);
+    });
   });
 
   describe('apiKeys', () => {

diff --git a/src/resources/Api.ts b/src/resources/Api.ts
@@ -118,11 +118,9 @@ export class Api {
     }
 
     const logGroupLogicalId = this.naming.getLogGroupLogicalId();
-    const roleLogicalId = this.naming.getLogGroupRoleLogicalId();
-    const policyLogicalId = this.naming.getLogGroupPolicyLogicalId();
     const apiLogicalId = this.naming.getApiLogicalId();
 
-    return {
+    const logGroupCF = {
       [logGroupLogicalId]: {
         Type: 'AWS::Logs::LogGroup',
         Properties: {
@@ -133,10 +131,19 @@ export class Api {
             ],
           },
           RetentionInDays:
-            this.config.logging.retentionInDays ||
+            this.config.logging.retentionInDays ??
             this.plugin.serverless.service.provider.logRetentionInDays,
         },
       },
+    };
+
+    if (this.config.logging.roleArn) return logGroupCF;
+
+    const roleLogicalId = this.naming.getLogGroupRoleLogicalId();
+    const policyLogicalId = this.naming.getLogGroupPolicyLogicalId();
+
+    return {
+      ...logGroupCF,
       [policyLogicalId]: {
         Type: 'AWS::IAM::Policy',
         Properties: {
@@ -418,10 +425,10 @@ export class Api {
       AppIdClientRegex: auth.config.appIdClientRegex,
       ...(!isAdditionalAuth
         ? {
-            // Default action is the one passed in the config
-            // or 'ALLOW'
-            DefaultAction: auth.config.defaultAction || 'ALLOW',
-          }
+          // Default action is the one passed in the config
+          // or 'ALLOW'
+          DefaultAction: auth.config.defaultAction || 'ALLOW',
+        }
         : {}),
     };