public MyStack()
{
var exampleRecorder = new Aws.Cfg.Recorder("exampleRecorder", new Aws.Cfg.RecorderArgs
{
});
var exampleFunction = new Aws.Lambda.Function("exampleFunction", new Aws.Lambda.FunctionArgs
{
});
var examplePermission = new Aws.Lambda.Permission("examplePermission", new Aws.Lambda.PermissionArgs
{
Action = "lambda:InvokeFunction",
Function = exampleFunction.Arn,
Principal = "config.amazonaws.com",
});
var exampleRule = new Aws.Cfg.Rule("exampleRule", new Aws.Cfg.RuleArgs
{
Source = new Aws.Cfg.Inputs.RuleSourceArgs
{
Owner = "CUSTOM_LAMBDA",
SourceIdentifier = exampleFunction.Arn,
},
}, new CustomResourceOptions
{
DependsOn =
{
"aws_config_configuration_recorder.example",
"aws_lambda_permission.example",
},
});
}
public MyStack()
{
var exampleLayerVersion = new Aws.Lambda.LayerVersion("exampleLayerVersion", new Aws.Lambda.LayerVersionArgs
{
});
var exampleFunction = new Aws.Lambda.Function("exampleFunction", new Aws.Lambda.FunctionArgs
{
Layers =
{
exampleLayerVersion.Arn,
},
});
}
public MyStack()
{
var testLambda = new Aws.Lambda.Function("testLambda", new Aws.Lambda.FunctionArgs
{
}, new CustomResourceOptions
{
DependsOn =
{
"aws_cloudwatch_log_group.example",
"aws_iam_role_policy_attachment.lambda_logs",
},
});
// This is to optionally manage the CloudWatch Log Group for the Lambda Function.
// If skipping this resource configuration, also add "logs:CreateLogGroup" to the IAM policy below.
var example = new Aws.CloudWatch.LogGroup("example", new Aws.CloudWatch.LogGroupArgs
{
RetentionInDays = 14,
});
// See also the following AWS managed policy: AWSLambdaBasicExecutionRole
var lambdaLogging = new Aws.Iam.Policy("lambdaLogging", new Aws.Iam.PolicyArgs
{
Description = "IAM policy for logging from a lambda",
Path = "/",
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""logs:CreateLogGroup"",
""logs:CreateLogStream"",
""logs:PutLogEvents""
],
""Resource"": ""arn:aws:logs:*:*:*"",
""Effect"": ""Allow""
}
]
}
",
});
var lambdaLogs = new Aws.Iam.RolePolicyAttachment("lambdaLogs", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = lambdaLogging.Arn,
Role = aws_iam_role.Iam_for_lambda.Name,
});
}