mapbox / cloudfriend

Helper functions for assembling CloudFormation templates in JavaScript
ISC License

If multiple lambdas use an externally-created role, created log policies collide #123

Open drboyer opened 3 years ago

drboyer commented 3 years ago

In #113, we added the ability for Lambda functions created using Lambda shortcuts to use an IAM role that already exists. When specified, an inline policy would be created and attached to the specified role. However, if multiple Lambda functions use the same role, they will each overwrite the "lambda-log-access" policy. Because the inline policy is scoped to a single Lambda CloudWatch log group, it's possible that only one of the Lambda functions ends up with CloudWatch access. This means the other function can no longer write to logs.

As a workaround, you can provide a statement with broader logs:* access in the IAM role. But perhaps there's something we could do within this module to grant access to multiple log groups when multiple Lambdas use the same role.
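The collision described above, as an added example that is not cloudfriend's own code and does not use its shortcut API: it models how IAM keys a role's inline policies by name (PutRolePolicy with an existing name replaces that policy), applies two per-function `AWS::IAM::Policy` resources that both use the page's "lambda-log-access" name against one shared role, and then shows the shape of a fix that emits one policy listing every function's log group. The resource shapes, the function names (`perFunctionPolicy`, `applyInlinePolicies`, `mergedPolicy`, `demo`), and the region/account values are assumptions constructed for illustration.

```javascript
// Added example, not cloudfriend code. Models inline-policy-by-name semantics
// to show why two Lambdas sharing a role lose log access when each attaches a
// policy called "lambda-log-access" (name taken from the issue text).
const POLICY_NAME = 'lambda-log-access';

// ARN of a Lambda function's default CloudWatch Logs group.
// Region and account are constructed placeholders.
function logGroupArn(functionName, region = 'us-east-1', account = '123456789012') {
  return `arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${functionName}:*`;
}

// Policy document granting log-stream creation and log writes to the given
// functions' log groups.
function logAccessDocument(functionNames) {
  return {
    Version: '2012-10-17',
    Statement: [{
      Effect: 'Allow',
      Action: ['logs:CreateLogStream', 'logs:PutLogEvents'],
      Resource: functionNames.map((name) => logGroupArn(name))
    }]
  };
}

// Hypothetical shape of the per-function AWS::IAM::Policy resource the shortcut
// attaches to an externally-created role: fixed PolicyName, one log group.
function perFunctionPolicy(functionName, roleName) {
  return {
    Type: 'AWS::IAM::Policy',
    Properties: {
      PolicyName: POLICY_NAME,
      Roles: [roleName],
      PolicyDocument: logAccessDocument([functionName])
    }
  };
}

// Simulates IAM's inline-policy semantics: a role's inline policies are a map
// keyed by PolicyName, so a later put with the same name replaces the earlier one.
function applyInlinePolicies(resources) {
  const roles = {};
  for (const res of Object.values(resources)) {
    if (res.Type !== 'AWS::IAM::Policy') continue;
    for (const roleName of res.Properties.Roles) {
      roles[roleName] = roles[roleName] || {};
      roles[roleName][res.Properties.PolicyName] = res.Properties.PolicyDocument;
    }
  }
  return roles;
}

// Log group ARNs a role can write to once its inline policies are in place.
function writableLogGroups(roles, roleName) {
  const docs = Object.values(roles[roleName] || {});
  return docs.flatMap((doc) => doc.Statement.flatMap((s) => s.Resource)).sort();
}

// Suggested fix shape (an assumption, not cloudfriend's API): one policy
// resource per shared role that lists every function's log group.
function mergedPolicy(functionNames, roleName) {
  return {
    Type: 'AWS::IAM::Policy',
    Properties: {
      PolicyName: POLICY_NAME,
      Roles: [roleName],
      PolicyDocument: logAccessDocument(functionNames)
    }
  };
}

function demo() {
  const role = 'shared-lambda-role';
  // Collision: two shortcuts, same role, same PolicyName. Only fn-b survives.
  const colliding = {
    FnALogs: perFunctionPolicy('fn-a', role),
    FnBLogs: perFunctionPolicy('fn-b', role)
  };
  const afterCollision = writableLogGroups(applyInlinePolicies(colliding), role);
  // Merged: a single policy covering both functions' log groups.
  const merged = { SharedLogs: mergedPolicy(['fn-a', 'fn-b'], role) };
  const afterMerge = writableLogGroups(applyInlinePolicies(merged), role);
  return { afterCollision, afterMerge };
}

console.log(JSON.stringify(demo(), null, 2));
```

The merged form keeps the grant scoped to the specific log groups instead of falling back to the `logs:*` workaround, which is the least-privilege outcome a shared role should end up with.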