@hassaku63
Created May 2, 2022 16:00
Example using subscription filter for StateMachine execution fail (delivery to kinesis data stream)
resources:
  Resources:
    # Forward log events containing the term "ExecutionFailed" to the Kinesis stream
    SmSubscription:
      Type: AWS::Logs::SubscriptionFilter
      Properties:
        LogGroupName: !Ref StateMachineLogGroup
        FilterPattern: ExecutionFailed
        DestinationArn: !GetAtt [JobFailureEventStream, Arn]
        RoleArn: !GetAtt [KinesisSubscriptionRole, Arn]
    JobFailureEventStream:
      Type: AWS::Kinesis::Stream
      Properties:
        Name: ${self:service}-${self:provider.stage}-error-events
        ShardCount: 1
    # Role that CloudWatch Logs assumes to write into the stream
    KinesisSubscriptionRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:service}-${self:provider.stage}-delivery-logs-role
        AssumeRolePolicyDocument:
          Statement:
            - Action: "sts:AssumeRole"
              Effect: "Allow"
              Principal:
                Service: !Sub logs.${AWS::Region}.amazonaws.com
              # Condition:
                # StringLike:
                  # "aws:SourceArn": !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*"
    # Allow the role to put records into this one stream only
    KinesisSubscriptionRolePolicy:
      Type: "AWS::IAM::Policy"
      Properties:
        PolicyName: ${self:service}-${self:provider.stage}-delivery-logs
        PolicyDocument:
          Statement:
            - Effect: "Allow"
              Action:
                - "kinesis:PutRecord"
              Resource: !GetAtt [JobFailureEventStream, Arn]
        Roles:
          - !Ref KinesisSubscriptionRole
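
The consumer side of this stream, as an added example that is not part of the gist: it decodes one record written by the subscription filter, checks where it came from, and keeps only real `ExecutionFailed` events. It assumes the record data arrives base64-encoded (as in a Lambda Kinesis event) and that each Step Functions log message is JSON with `type`, `execution_arn` and `details` fields; the function names and all sample values are constructed.

```python
import base64
import gzip
import json

def decode_record(data_b64):
    """Kinesis record data (base64) -> CloudWatch Logs subscription payload (dict)."""
    return json.loads(gzip.decompress(base64.b64decode(data_b64)))

def failed_executions(data_b64, owner, log_group):
    """Return ExecutionFailed events from one record, rejecting unexpected sources."""
    payload = decode_record(data_b64)
    if payload.get("messageType") != "DATA_MESSAGE":
        return []  # CONTROL_MESSAGE records are delivery health checks, not log data
    if payload.get("owner") != owner or payload.get("logGroup") != log_group:
        raise ValueError("record did not come from the expected account/log group")
    found = []
    for event in payload.get("logEvents", []):
        try:
            msg = json.loads(event["message"])
        except (KeyError, TypeError, ValueError):
            continue  # not a JSON log line
        # FilterPattern "ExecutionFailed" is a plain term match, so it also passes
        # events that merely contain that text; re-check the event type here.
        if isinstance(msg, dict) and msg.get("type") == "ExecutionFailed":
            found.append({"execution_arn": msg.get("execution_arn"),
                          "timestamp": event.get("timestamp"),
                          "details": msg.get("details", {})})
    return found

def encode_record(payload):
    """Build a constructed record in the form decode_record expects."""
    return base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()

# Constructed sample data (not captured from a real account).
SAMPLE_ARN = "arn:aws:states:us-east-1:123456789012:execution:example:run-1"
SAMPLE = encode_record({
    "messageType": "DATA_MESSAGE", "owner": "123456789012",
    "logGroup": "/example/statemachine", "logStream": "constructed",
    "subscriptionFilters": ["SmSubscription"],
    "logEvents": [
        {"id": "1", "timestamp": 1651507200000, "message": json.dumps(
            {"type": "ExecutionFailed", "execution_arn": SAMPLE_ARN,
             "details": {"error": "States.TaskFailed", "cause": "constructed"}})},
        {"id": "2", "timestamp": 1651507201000, "message": json.dumps(
            {"type": "TaskFailed", "execution_arn": SAMPLE_ARN,
             "details": {"cause": "text mentioning ExecutionFailed"}})},
    ]})
CONTROL = encode_record({"messageType": "CONTROL_MESSAGE", "logEvents": []})
```
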
@hassaku63
Author

If I comment out the Condition part, it gets rejected with a Policy syntax error.

I still don't know what to do about it, so I'm leaving it as is for now.