Add tags to Forwarder,Sub,Unsub stacks

cloudformation-stacks/forwarder.template.yaml

@@ -26,8 +26,10 @@ Resources:
       LogGroupName: !Sub "/aws/axiom/${AWS::StackName}"
       RetentionInDays: 1
       Tags:
-        - Key: "Role"
-          Value: "AxiomCloudWatchForwarder"
+        - key: "PartOf"
+          Value: !Ref AWS::StackName
+        - key: "Platform"
+          Value: "Axiom"
   ForwarderRole:
     Type: AWS::IAM::Role
     Properties:
@@ -41,6 +43,13 @@ Resources:
                 - lambda.amazonaws.com
       ManagedPolicyArns:
         - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+      Tags:
+        - key: "PartOf"
+          Value: !Ref AWS::StackName
+        - key: "Role"
+          Value: "AxiomCloudWatchForwarder"
+        - key: "Platform"
+          Value: "Axiom"
   ForwarderLambda:
     Type: AWS::Lambda::Function
     Properties:
@@ -56,6 +65,13 @@ Resources:
         - Arn
       LoggingConfig:
         LogGroup: !Ref ForwarderLogGroup
+      Tags:
+        - key: "PartOf"
+          Value: !Ref AWS::StackName
+        - key: "Role"
+          Value: "AxiomCloudWatchForwarder"
+        - key: "Platform"
+          Value: "Axiom"
       Environment:
         Variables:
           AXIOM_TOKEN: !Ref "AxiomToken"

cloudformation-stacks/subscriber.template.yaml

@@ -53,7 +53,11 @@ Resources:
       LogGroupName: !Sub "/aws/axiom/${AWS::StackName}"
       RetentionInDays: 1
       Tags:
-        - Key: "Role"
+        - key: "PartOf"
+          Value: !Ref AWS::StackName
+        - key: "Platform"
+          Value: "Axiom"
+        - key: "Role"
           Value: "AxiomCloudWatchSubscriber"
   SubscriberRole:
     Type: AWS::IAM::Role
@@ -84,6 +88,15 @@ Resources:
         - Arn
       LoggingConfig:
         LogGroup: !Ref SubscriberLogGroup
+      Tags:
+        - key: "PartOf"
+          Value: !Ref AWS::StackName
+        - key: "Role"
+          Value: "AxiomCloudWatchSubscriber"
+        - key: "Platform"
+          Value: "Axiom"
+        - key: "ForwarderARN"
+          Value: !Ref "AxiomCloudWatchForwarderLambdaARN"
       Environment:
         Variables:
           AXIOM_CLOUDWATCH_FORWARDER_LAMBDA_ARN: !Ref "AxiomCloudWatchForwarderLambdaARN"

cloudformation-stacks/unsubscriber.template.yaml

@@ -53,8 +53,12 @@ Resources:
       LogGroupName: !Sub "/aws/axiom/${AWS::StackName}"
       RetentionInDays: 1
       Tags:
-        - Key: "Role"
+        - key: "PartOf"
+          Value: !Ref AWS::StackName
+        - key: "Role"
           Value: "AxiomCloudWatchUnsubscriber"
+        - key: "Platform"
+          Value: "Axiom"
   UnsubscriberRole:
     Type: AWS::IAM::Role
     Properties:
@@ -84,6 +88,13 @@ Resources:
         - Arn
       LoggingConfig:
         LogGroup: !Ref UnsubscriberLogGroup
+      Tags:
+        - key: "PartOf"
+          Value: !Ref AWS::StackName
+        - key: "Role"
+          Value: "AxiomCloudWatchUnsubscriber"
+        - key: "Platform"
+          Value: "Axiom"
       Environment:
         Variables:
           AXIOM_CLOUDWATCH_FORWARDER_LAMBDA_ARN: !Ref "AxiomCloudWatchForwarderLambdaARN"

subscriber.py

@@ -129,7 +129,7 @@ def lambda_handler(event: dict, context=None):
         if group["name"].startswith("/aws/axiom/"):
             continue
         # create invoke permission for lambda
-        cleaned_name = '-'.join(group["name"].split("/")[3:])
+        cleaned_name = "-".join(group["name"].split("/")[3:])
         statement_id = f"invoke-permission-for_{cleaned_name}"
         # remove permission if exists
         try: