Open Lorenzohidalgo opened 9 months ago
As additional context,
With the current version, deploying with the following configuration
Triggers the creation of two roles:
Our custom one "AppSyncLoggingServiceRole" and the default one, even though only the custom one will be used.
This fix removes the creation of the default one when a roleArn
is provided:
Detected Issue:
A new Log Role and policy is always created, without considering if one is provided or not.
If a
roleArn
is provided in the configuration, that one will be used asCloudWatchLogsRoleArn
.The current implementation of
compileCloudWatchLogGroup
will always create a new policy and role alongside the log group:Proposed Fix:
Update
compileCloudWatchLogGroup
to consider ifroleArn
is provided or not.We could see two different scenarios:
roleArn
is provided -> only the Log Group should be createdroleArn
not provided -> Log Group, Policy and Role should be created