diff --git a/src/__tests__/api.test.ts b/src/__tests__/api.test.ts
index 9f8c19b6..9c480cff 100644
--- a/src/__tests__/api.test.ts
+++ b/src/__tests__/api.test.ts
@@ -327,6 +327,45 @@ describe('Api', () => {
 }
 `);
 });
+
+ it('should compile CloudWatch Resources without additional IAM Role when logging roleARN is provided', () => {
+ const api = new Api(
+ given.appSyncConfig({
+ logging: {
+ level: 'ERROR',
+ retentionInDays: 14,
+ enabled: true,
+ roleArn: 'arn:',
+ },
+ }),
+ plugin,
+ );
+
+ expect(api.compileCloudWatchLogGroup()).toMatchInlineSnapshot(`
+ Object {
+ "GraphQlApiLogGroup": Object {
+ "Properties": Object {
+ "LogGroupName": Object {
+ "Fn::Join": Array [
+ "/",
+ Array [
+ "/aws/appsync/apis",
+ Object {
+ "Fn::GetAtt": Array [
+ "GraphQlApi",
+ "ApiId",
+ ],
+ },
+ ],
+ ],
+ },
+ "RetentionInDays": 14,
+ },
+ "Type": "AWS::Logs::LogGroup",
+ },
+ }
+ `);
+ });
 });
 
 describe('apiKeys', () => {
diff --git a/src/resources/Api.ts b/src/resources/Api.ts
index 691d1089..68aebe8b 100644
--- a/src/resources/Api.ts
+++ b/src/resources/Api.ts
@@ -118,11 +118,9 @@ export class Api {
 }
 
 const logGroupLogicalId = this.naming.getLogGroupLogicalId();
- const roleLogicalId = this.naming.getLogGroupRoleLogicalId();
- const policyLogicalId = this.naming.getLogGroupPolicyLogicalId();
 const apiLogicalId = this.naming.getApiLogicalId();
 
- return {
+ const logGroupCF = {
 [logGroupLogicalId]: {
 Type: 'AWS::Logs::LogGroup',
 Properties: {
@@ -137,6 +135,15 @@ export class Api {
 this.plugin.serverless.service.provider.logRetentionInDays,
 },
 },
+ };
+
+ if (this.config.logging.roleArn) return logGroupCF;
+
+ const roleLogicalId = this.naming.getLogGroupRoleLogicalId();
+ const policyLogicalId = this.naming.getLogGroupPolicyLogicalId();
+
+ return {
+ ...logGroupCF,
 [policyLogicalId]: {
 Type: 'AWS::IAM::Policy',
 Properties: {
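Review bot: The new test in `api.test.ts` snapshots only `compileCloudWatchLogGroup()`, so nothing checks that the compiled GraphQL API actually uses the supplied `roleArn` for logging. If the API resource still points at the generated role's logical id (that code is not part of this diff), the template would reference a role that is no longer emitted and the failure would only show up at deploy time. I would add an assertion on the API's log configuration to this test. The value `'arn:'` is a placeholder that merely passes the truthiness check, so a realistic ARN in the fixture would make the intent clearer.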
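Review bot: The early return `if (this.config.logging.roleArn) return logGroupCF;` in `src/resources/Api.ts` hands log delivery to a role this template no longer defines, and nothing in the hunk documents or checks what that role must allow. Any truthy value takes this branch (the test passes `'arn:'`), so a malformed ARN or an over-privileged shared role goes through unless config validation elsewhere rejects it. I would add a comment above the branch such as `// Caller-supplied role: no role/policy is generated; it must trust appsync.amazonaws.com and should allow only logs:CreateLogGroup, logs:CreateLogStream and logs:PutLogEvents on this log group.` and repeat that requirement in the user-facing docs for `logging.roleArn`. The enclosing method starts and ends outside the hunk, so the rest of the generated policy is not visible here.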