Open johnttompkins opened 4 years ago
If the ARN is constructed in the Handler, the logs:DescribeLogGroups
permission can be remove from the create handler in the schema.
I'd advocate for reverting #21 for now and adding an issue for doing this another way if the extra api call is unwanted. It's annoying to start writing new code if the current code doesn't pass tests.
We are sucessfully creating/updating log groups in the handlers, but #21 removed a read call that set the arn in the returned model, so the models returned by the create and read calls differ, as so update & read. Found during contract tests:
Need to either add back in the read call at the end of the handler or construct this arn in the create handler, although having to maintain logic for contstructing arns seems like overkill.