Merge pull request #87 from NHSDigital/feature/CCM-10246_test

sidnhs · web-flow · commit 8c8126866d0e · 2025-06-12T08:18:18.000Z
CCM-10246: Edge lambda regional log group
diff --git a/infrastructure/modules/lambda/cloudwatch_log_group.tf b/infrastructure/modules/lambda/cloudwatch_log_group.tf
@@ -10,3 +10,17 @@ resource "aws_cloudwatch_log_group" "main" {
     },
   )
 }
+
+resource "aws_cloudwatch_log_group" "main_edge" {
+  count             = var.lambda_at_edge ? 1 : 0
+  name              = "/aws/lambda/us-east-1.${local.csi}"
+  retention_in_days = var.log_retention_in_days
+  kms_key_id        = var.kms_key_arn
+
+  tags = merge(
+    local.default_tags,
+    {
+      Name = local.csi
+    },
+  )
+}
diff --git a/infrastructure/modules/lambda/data_iam_policy_document_put_logs.tf b/infrastructure/modules/lambda/data_iam_policy_document_put_logs.tf
@@ -9,9 +9,11 @@ data "aws_iam_policy_document" "put_logs" {
     ]
 
     #trivy:ignore:aws-iam-no-policy-wildcards
-    resources = [
+    resources = flatten([[
       "${aws_cloudwatch_log_group.main.arn}:*",
-    ]
+      ], var.lambda_at_edge ? [
+      "${aws_cloudwatch_log_group.main_edge[0].arn}:*",
+    ] : []])
   }
 
   dynamic "statement" {

Original file line number	Diff line number	Diff line change
`@@ -9,9 +9,11 @@ data "aws_iam_policy_document" "put_logs" {`
`9`	`9`	`]`
`10`	`10`
`11`	`11`	`#trivy:ignore:aws-iam-no-policy-wildcards`
`12`		`- resources = [`
	`12`	`+ resources = flatten([[`
`13`	`13`	`"${aws_cloudwatch_log_group.main.arn}:*",`
`14`		`- ]`
	`14`	`+ ], var.lambda_at_edge ? [`
	`15`	`+ "${aws_cloudwatch_log_group.main_edge[0].arn}:*",`
	`16`	`+ ] : []])`
`15`	`17`	`}`
`16`	`18`
`17`	`19`	`dynamic "statement" {`