Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lambda: log retention policy is created when log retention role is provided #27494

Closed
gkaskonas opened this issue Oct 11, 2023 · 3 comments
Closed

lambda: log retention policy is created when log retention role is provided #27494

gkaskonas opened this issue Oct 11, 2023 · 3 comments
Labels
@aws-cdk/aws-lambda Related to AWS Lambda

Comments

@gkaskonas
Copy link
Contributor

Describe the bug

When creating a lambda function, passing an existing roleARn should be enough to make it work. However, it keeps creating a policy and attaching it to the role. Why is that the case?

Expected Behavior

Do not create any policies

Current Behavior

Creates another policy and attaches it to the role provided

Reproduction Steps

Create a lambda function with logRetentionRole prop

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.100.0

Framework Version

No response

Node.js Version

v18

OS

macOS

Language

TypeScript

Language Version

v5.2.2

Other information

No response
@gkaskonas gkaskonas added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 11, 2023
@github-actions github-actions bot added the @aws-cdk/aws-lambda Related to AWS Lambda label Oct 11, 2023
@gkaskonas
Copy link
Contributor Author

https://github.com/aws/aws-cdk/blob/61be7a659f22e7ff3df255fc9542214135d07d5e/packages/aws-cdk-lib/aws-logs/lib/log-retention.ts#L159C5-L159C13
This should only be called if the role is not provided

@peterwoodworth peterwoodworth removed needs-triage This issue or PR still needs to be triaged. bug This issue is a bug. labels Oct 11, 2023
@peterwoodworth
Copy link
Contributor

It should be called regardless. If you don't want permissions to be added when passing in a role to a construct, call https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html#withoutwbrpolicywbrupdatesoptions

@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@github-actions github-actions bot mentioned this issue Nov 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-lambda Related to AWS Lambda
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peterwoodworth @gkaskonas