From 5815d72fb919da3e09a05d8de41fa19fa2834b7b Mon Sep 17 00:00:00 2001 From: Marcin Stachniuk Date: Mon, 25 Nov 2024 11:34:24 +0100 Subject: [PATCH] Modify rule S6294: "Log Groups" should be declared explicitly (#4530) * Modify rule S6294: "Log Groups" should be declared explicitly * Code review remarks Co-authored-by: GabinL21 <67428953+GabinL21@users.noreply.github.com> --------- Co-authored-by: GabinL21 <67428953+GabinL21@users.noreply.github.com> --- rules/S6294/cloudformation/rule.adoc | 38 +++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/rules/S6294/cloudformation/rule.adoc b/rules/S6294/cloudformation/rule.adoc index b92db57953..8945428380 100644 --- a/rules/S6294/cloudformation/rule.adoc +++ b/rules/S6294/cloudformation/rule.adoc @@ -57,7 +57,7 @@ Resources: ==== Compliant solution -Example with a `!Ref`: +Example with a `!Ref` in `LogGroup`: [source,yaml] ---- @@ -76,6 +76,27 @@ Resources: RetentionInDays: 30 ---- +Example with a `!Ref` in `AWS::Lambda::Function` (it also works for `AWS::Serverless::Function`): + +[source,yaml] +---- +AWSTemplateFormatVersion: 2010-09-09 +Resources: + ExampleFunction: + Type: AWS::Lambda::Function + Properties: + Runtime: nodejs12.x + Description: Example of Lambda Function + LoggingConfig: + LogGroup: !Ref ExampleLogGroup + + ExampleLogGroup: + Type: AWS::Logs::LogGroup + Properties: + LogGroupName: "/aws/lambda/exampleFunction" + RetentionInDays: 30 +---- + Example with `!Sub`: [source,yaml] 
@@ -95,6 +116,21 @@ Resources: RetentionInDays: 30 ---- +Example with `CloudWatchLogs` (it only works for `AWS::CodeBuild::Project`): + +[source,yaml] +---- +AWSTemplateFormatVersion: 2010-09-09 +Resources: + CodeBuildProject: + Type: AWS::CodeBuild::Project + Properties: + LogsConfig: + CloudWatchLogs: + Status: "ENABLED" + GroupName: "aws/codeBuild/project" +---- + == Resources * AWS Documentation https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html[AWS::Logs::LogGroup]
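Review bot: In the `AWS::Lambda::Function` example added after the `LogGroup` one, `Runtime: nodejs12.x` is a deprecated Lambda runtime, so the compliant sample teaches a value readers should not copy. Use a currently supported Node.js runtime there. The resource also has no `Code` or `Role` property, so it will not validate as a stand-alone template. If that trimming is intentional to keep the focus on `LoggingConfig`, a short sentence above the block saying the function is abbreviated would prevent confusion.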
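Review bot: In the `AWS::CodeBuild::Project` example, `GroupName: "aws/codeBuild/project"` is a string literal and the template declares no `AWS::Logs::LogGroup`, so this sample does not show an explicitly declared log group with `RetentionInDays`, unlike the `!Ref` and `!Sub` examples around it. Consider adding a log group resource with retention to the template and pointing `GroupName` at it with `!Ref`, or state in the lead-in sentence that the named group is expected to be declared elsewhere. The name also lacks the leading slash used by `"/aws/lambda/exampleFunction"` in the previous hunk, and the two should follow the same convention. The lead-in "it only works for" would read more clearly as "only available on `AWS::CodeBuild::Project`".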