def add_logs_policy()

in source/lib/blueprints/byom/pipeline_definitions/helpers.py [0:0]

• 31 lines of code
• 1 McCabe index (conditional complexity)

def add_logs_policy(function_role):
    function_role.add_to_policy(
        iam.PolicyStatement(
            actions=[
                "logs:CreateLogStream",
                "logs:PutLogEvents",
            ],
            resources=[
                "arn:"
                + core.Aws.PARTITION
                + logs_str
                + core.Aws.REGION
                + ":"
                + core.Aws.ACCOUNT_ID
                + ":log-group:/aws/lambda/*",
                "arn:"
                + core.Aws.PARTITION
                + logs_str
                + core.Aws.REGION
                + ":"
                + core.Aws.ACCOUNT_ID
                + ":log-group:*:log-stream:*",
            ],
        )
    )
    function_role.add_to_policy(
        iam.PolicyStatement(
            actions=["logs:CreateLogGroup"],
            resources=["arn:" + core.Aws.PARTITION + logs_str + core.Aws.REGION + ":" + core.Aws.ACCOUNT_ID + ":*"],
        )
    )