in source/services/helper/index.ts [295:375]
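/**
 * Creates a CloudWatch Logs destination in every requested region and attaches
 * an access policy that lets the spoke accounts subscribe to it.
 *
 * Security notes:
 * - The access policy names `spokeAccnts` as AWS principals and allows
 *   `logs:PutSubscriptionFilter` on the destination. Every entry can therefore
 *   send log data to `kinesisStreamArn` through the destination, so the list
 *   should hold only vetted account identifiers.
 *   NOTE(review): nothing here validates the entries; a wildcard or malformed
 *   principal would widen access. Confirm the caller validates them.
 * - `deleteDestination` runs before the destinations are (re)created, so a
 *   failure part-way through can leave some regions without a destination.
 *   NOTE(review): `deleteDestination` is defined elsewhere; confirm its behaviour.
 *
 * @param regions - Regions in which to create the destination.
 * @param awsRegions - Reference list that `regions` is validated against.
 * @param destinationName - Name given to the destination in every region.
 * @param roleArn - Role passed to CloudWatch Logs as the destination's `roleArn`.
 * @param kinesisStreamArn - Stream used as the destination's `targetArn`.
 * @param spokeAccnts - Principals allowed to create subscription filters.
 * @throws Error with a generic message on any failure; the underlying error is
 *   logged, not propagated.
 */
async function putDestination(
  regions: string[],
  awsRegions: string[],
  destinationName: string,
  roleArn: string,
  kinesisStreamArn: string,
  spokeAccnts: string[]
): Promise<void> {
  // One label for every log line of this function. The original mixed
  // "helper/putDestination" and "helper/putDestinations", which splits the
  // records when logs are filtered by label.
  const label = "helper/putDestination";

  logger.info({
    label,
    message: `putting cw logs destinations for spokes`,
  });

  try {
    // Reject the request before touching any existing destination.
    const regionValid = await areRegionsValid(regions, awsRegions);
    if (!regionValid) {
      throw new Error("invalid regions");
    }

    await deleteDestination(destinationName, regions);

    await Promise.all(
      regions.map(async (region) => {
        logger.debug({
          label,
          message: `creating cw logs destination in ${region}`,
        });

        const cwLogs = new CloudWatchLogs({
          apiVersion: awsClients.cwLogs,
          region: region,
          customUserAgent: process.env.CUSTOM_SDK_USER_AGENT,
        });

        const dest: CloudWatchLogs.PutDestinationResponse = await cwLogs
          .putDestination({
            destinationName: destinationName,
            roleArn: roleArn,
            targetArn: kinesisStreamArn,
          })
          .promise();

        // JSON.stringify drops undefined properties, so a missing ARN would
        // produce a policy statement with no Resource element. Fail here
        // instead of submitting a malformed policy.
        const destinationArn = dest.destination?.arn;
        if (!destinationArn) {
          throw new Error(`no destination arn returned in ${region}`);
        }

        // Resource-based policy: only the listed spoke principals may attach
        // subscription filters, and only to this destination.
        const accessPolicy = {
          Version: "2012-10-17",
          Statement: [
            {
              Sid: "AllowSpokesSubscribe",
              Effect: "Allow",
              Principal: {
                AWS: spokeAccnts,
              },
              Action: "logs:PutSubscriptionFilter",
              Resource: destinationArn,
            },
          ],
        };

        await cwLogs
          .putDestinationPolicy({
            destinationName: destinationName,
            accessPolicy: JSON.stringify(accessPolicy),
          })
          .promise();

        logger.debug({
          label,
          message: `cw logs destination created in ${region}`,
        });
      })
    );

    logger.info({
      label,
      message: `All cw logs destinations created`,
    });
  } catch (e) {
    // The detailed error stays in the log; callers only see a generic message.
    logger.error({
      label,
      message: e,
    });
    throw new Error("error in creating cw log destination");
  }
}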