Modify rule S6294: "Log Groups" should be declared explicitly (#4530)

* Modify rule S6294: "Log Groups" should be declared explicitly * Code review remarks Co-authored-by: GabinL21 <67428953+GabinL21@users.noreply.github.com> --------- Co-authored-by: GabinL21 <67428953+GabinL21@users.noreply.github.com>
2024-11-25 11:34:24 +01:00 · 2024-11-25 11:34:24 +01:00 · 5815d72fb9
commit 5815d72fb9
parent 411255ad6a
1 changed files with 37 additions and 1 deletions
--- a/rules/S6294/cloudformation/rule.adoc
+++ b/rules/S6294/cloudformation/rule.adoc
@ -57,7 +57,7 @@ Resources:

 ==== Compliant solution

-Example with a `!Ref`:
+Example with a `!Ref` in `LogGroup`:

 [source,yaml]
 ----
@ -76,6 +76,27 @@ Resources:
      RetentionInDays: 30
 ----

+Example with a `!Ref` in `AWS::Lambda::Function` (it also works for `AWS::Serverless::Function`):
+
+[source,yaml]
+----
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  ExampleFunction:
+    Type: AWS::Lambda::Function
+    Properties:
+      Runtime: nodejs12.x
+      Description: Example of Lambda Function
+      LoggingConfig:
+        LogGroup: !Ref ExampleLogGroup
+
+  ExampleLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: "/aws/lambda/exampleFunction"
+      RetentionInDays: 30
+----
+
 Example with `!Sub`:

 [source,yaml]
@ -95,6 +116,21 @@ Resources:
      RetentionInDays: 30
 ----

+Example with `CloudWatchLogs` (it only works for `AWS::CodeBuild::Project`):
+
+[source,yaml]
+----
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  CodeBuildProject:
+    Type: AWS::CodeBuild::Project
+    Properties:
+      LogsConfig:
+        CloudWatchLogs:
+          Status: "ENABLED"
+          GroupName: "aws/codeBuild/project"
+----
+
 == Resources

 * AWS Documentation https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html[AWS::Logs::LogGroup]