diff --git a/cloudformation-stacks/forwarder.template.yaml b/cloudformation-stacks/forwarder.template.yaml index 46c9471..610010f 100644 --- a/cloudformation-stacks/forwarder.template.yaml +++ b/cloudformation-stacks/forwarder.template.yaml @@ -26,8 +26,10 @@ Resources: LogGroupName: !Sub "/aws/axiom/${AWS::StackName}" RetentionInDays: 1 Tags: - - Key: "Role" - Value: "AxiomCloudWatchForwarder" + - key: "PartOf" + Value: !Ref AWS::StackName + - key: "Platform" + Value: "Axiom" ForwarderRole: Type: AWS::IAM::Role Properties: @@ -41,6 +43,13 @@ Resources: - lambda.amazonaws.com ManagedPolicyArns: - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + Tags: + - key: "PartOf" + Value: !Ref AWS::StackName + - key: "Role" + Value: "AxiomCloudWatchForwarder" + - key: "Platform" + Value: "Axiom" ForwarderLambda: Type: AWS::Lambda::Function Properties: @@ -56,6 +65,13 @@ Resources: - Arn LoggingConfig: LogGroup: !Ref ForwarderLogGroup + Tags: + - key: "PartOf" + Value: !Ref AWS::StackName + - key: "Role" + Value: "AxiomCloudWatchForwarder" + - key: "Platform" + Value: "Axiom" Environment: Variables: AXIOM_TOKEN: !Ref "AxiomToken" diff --git a/cloudformation-stacks/subscriber.template.yaml b/cloudformation-stacks/subscriber.template.yaml index 1a800b9..4ee17bf 100644 --- a/cloudformation-stacks/subscriber.template.yaml +++ b/cloudformation-stacks/subscriber.template.yaml @@ -53,7 +53,11 @@ Resources: LogGroupName: !Sub "/aws/axiom/${AWS::StackName}" RetentionInDays: 1 Tags: - - Key: "Role" + - key: "PartOf" + Value: !Ref AWS::StackName + - key: "Platform" + Value: "Axiom" + - key: "Role" Value: "AxiomCloudWatchSubscriber" SubscriberRole: Type: AWS::IAM::Role @@ -84,6 +88,15 @@ Resources: - Arn LoggingConfig: LogGroup: !Ref SubscriberLogGroup + Tags: + - key: "PartOf" + Value: !Ref AWS::StackName + - key: "Role" + Value: "AxiomCloudWatchSubscriber" + - key: "Platform" + Value: "Axiom" + - key: "ForwarderARN" + Value: !Ref "AxiomCloudWatchForwarderLambdaARN" Environment: Variables: AXIOM_CLOUDWATCH_FORWARDER_LAMBDA_ARN: !Ref "AxiomCloudWatchForwarderLambdaARN" diff --git a/cloudformation-stacks/unsubscriber.template.yaml b/cloudformation-stacks/unsubscriber.template.yaml index 7f2cf07..0d7d849 100644 --- a/cloudformation-stacks/unsubscriber.template.yaml +++ b/cloudformation-stacks/unsubscriber.template.yaml @@ -53,8 +53,12 @@ Resources: LogGroupName: !Sub "/aws/axiom/${AWS::StackName}" RetentionInDays: 1 Tags: - - Key: "Role" + - key: "PartOf" + Value: !Ref AWS::StackName + - key: "Role" Value: "AxiomCloudWatchUnsubscriber" + - key: "Platform" + Value: "Axiom" UnsubscriberRole: Type: AWS::IAM::Role Properties: @@ -84,6 +88,13 @@ Resources: - Arn LoggingConfig: LogGroup: !Ref UnsubscriberLogGroup + Tags: + - key: "PartOf" + Value: !Ref AWS::StackName + - key: "Role" + Value: "AxiomCloudWatchUnsubscriber" + - key: "Platform" + Value: "Axiom" Environment: Variables: AXIOM_CLOUDWATCH_FORWARDER_LAMBDA_ARN: !Ref "AxiomCloudWatchForwarderLambdaARN" diff --git a/subscriber.py b/subscriber.py index 31feefd..43da268 100644 --- a/subscriber.py +++ b/subscriber.py @@ -129,7 +129,7 @@ def lambda_handler(event: dict, context=None): if group["name"].startswith("/aws/axiom/"): continue # create invoke permission for lambda - cleaned_name = '-'.join(group["name"].split("/")[3:]) + cleaned_name = "-".join(group["name"].split("/")[3:]) statement_id = f"invoke-permission-for_{cleaned_name}" # remove permission if exists try: