├── .editorconfig ├── .eslintignore ├── .eslintrc ├── .gitignore ├── LICENSE ├── README.md ├── commitlint.config.js ├── examples ├── default-log-groups-with-json │ ├── .gitignore │ ├── handler.js │ ├── package-lock.json │ ├── package.json │ └── serverless.yml ├── exclude-function │ ├── .gitignore │ ├── handler.js │ ├── package-lock.json │ ├── package.json │ └── serverless.yml └── with-serverless-iam-roles-per-function │ ├── .gitignore │ ├── handler.js │ ├── package-lock.json │ ├── package.json │ └── serverless.yml ├── index.js ├── index.test.js ├── jest.config.js ├── jsconfig.json ├── package-lock.json └── package.json /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: http://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root = true 5 | 6 | # Unix-style newlines with a newline ending every file 7 | [*] 8 | end_of_line = lf 9 | insert_final_newline = true 10 | charset = utf-8 11 | indent_style = space 12 | indent_size = 2 13 | trim_trailing_whitespace = true 14 | -------------------------------------------------------------------------------- /.eslintignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | coverage 3 | docs -------------------------------------------------------------------------------- /.eslintrc: -------------------------------------------------------------------------------- 1 | { 2 | "extends": "standard", 3 | "env": { 4 | "jest": true 5 | } 6 | } -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | lerna-debug.log* 8 | .pnpm-debug.log* 9 | 10 | # Diagnostic reports (https://nodejs.org/api/report.html) 11 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json 12 | 13 | # Runtime data 14 | pids 15 | *.pid 16 | *.seed 17 | *.pid.lock 18 | 19 | # Directory for instrumented libs generated by jscoverage/JSCover 20 | lib-cov 21 | 22 | # Coverage directory used by tools like istanbul 23 | coverage 24 | *.lcov 25 | 26 | # nyc test coverage 27 | .nyc_output 28 | 29 | # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) 30 | .grunt 31 | 32 | # Bower dependency directory (https://bower.io/) 33 | bower_components 34 | 35 | # node-waf configuration 36 | .lock-wscript 37 | 38 | # Compiled binary addons (https://nodejs.org/api/addons.html) 39 | build/Release 40 | 41 | # Dependency directories 42 | node_modules/ 43 | jspm_packages/ 44 | 45 | # Snowpack dependency directory (https://snowpack.dev/) 46 | web_modules/ 47 | 48 | # TypeScript cache 49 | *.tsbuildinfo 50 | 51 | # Optional npm cache directory 52 | .npm 53 | 54 | # Optional eslint cache 55 | .eslintcache 56 | 57 | # Optional stylelint cache 58 | .stylelintcache 59 | 60 | # Microbundle cache 61 | .rpt2_cache/ 62 | .rts2_cache_cjs/ 63 | .rts2_cache_es/ 64 | .rts2_cache_umd/ 65 | 66 | # Optional REPL history 67 | .node_repl_history 68 | 69 | # Output of 'npm pack' 70 | *.tgz 71 | 72 | # Yarn Integrity file 73 | .yarn-integrity 74 | 75 | # dotenv environment variable files 76 | .env 77 | .env.development.local 78 | .env.test.local 79 | .env.production.local 80 | .env.local 81 | 82 | # parcel-bundler cache (https://parceljs.org/) 83 | .cache 84 | .parcel-cache 85 | 86 | # Next.js build output 87 | .next 88 | out 89 | 90 | # Nuxt.js build / generate output 91 | .nuxt 92 | dist 93 | 94 | # Gatsby files 95 | .cache/ 96 | # Comment in the public line in if your project uses Gatsby and not Next.js 97 | # https://nextjs.org/blog/next-9-1#public-directory-support 98 | # public 99 | 100 | # vuepress build output 101 | .vuepress/dist 102 | 103 | # vuepress v2.x temp and cache directory 104 | .temp 105 | .cache 106 | 107 | # Docusaurus cache and generated files 108 | .docusaurus 109 | 110 | # Serverless directories 111 | .serverless/ 112 | 113 | # FuseBox cache 114 | .fusebox/ 115 | 116 | # DynamoDB Local files 117 | .dynamodb/ 118 | 119 | # TernJS port file 120 | .tern-port 121 | 122 | # Stores VSCode versions used for testing VSCode extensions 123 | .vscode-test 124 | 125 | # yarn v2 126 | .yarn/cache 127 | .yarn/unplugged 128 | .yarn/build-state.yml 129 | .yarn/install-state.gz 130 | .pnp.* 131 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Yan Cui 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # serverless-logging-config 2 | 3 | Lets you configure custom log group, JSON logging, and other recent logging changes announce in Nov 2023. 4 | 5 | For more information about these settings, please see the service announcement [here](https://aws.amazon.com/about-aws/whats-new/2023/11/aws-lambda-controls-search-filter-aggregate-lambda-function-logs) 6 | 7 | ## Getting started 8 | 9 | 1. Install as dev dependency: 10 | 11 | `npm i --save-dev serverless-logging-config` 12 | 13 | 2. Add the plugin to the plugins list in your `serverless.yml`: 14 | 15 | ```yml 16 | service: my-service 17 | 18 | plugins: 19 | - serverless-logging-config 20 | ``` 21 | 22 | 3. Configure the plugin in the `custom` section (you may have to add this to your `serverless.yml`). For example: 23 | 24 | ```yml 25 | service: my-service 26 | 27 | custom: 28 | serverless-logging-config: 29 | enableJson: true # [Optional] if enabled, set the LogFormat to JSON 30 | logGroupName: my-logs # [Optional] if set, all functions will send logs this log group 31 | applicationLogLevel: INFO # [Optional] valid values are DEBUG, ERROR, FATAL, INFO, TRACE and WARN 32 | systemLogLevel: INFO # [Optional] valid values are DEBUG, INFO and WARN 33 | useDefaultLogGroup: # [Optional] these functions would keep logging to their default log group 34 | - function1 35 | - function2 36 | ``` 37 | 38 | See [this page](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html) for more info on what these settings mean. 39 | 40 | **IMPORTANT**: when used alongside the `serverless-iam-roles-per-function` plugin, make sure this plugin is listed **AFTER** `serverless-iam-roles-per-function`. ie. 41 | 42 | ```yml 43 | plugins: 44 | - serverless-iam-roles-per-function 45 | - serverless-logging-config 46 | ``` 47 | -------------------------------------------------------------------------------- /commitlint.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { extends: ['@commitlint/config-conventional'] } 2 | -------------------------------------------------------------------------------- /examples/default-log-groups-with-json/.gitignore: -------------------------------------------------------------------------------- 1 | # package directories 2 | node_modules 3 | jspm_packages 4 | 5 | # Serverless directories 6 | .serverless -------------------------------------------------------------------------------- /examples/default-log-groups-with-json/handler.js: -------------------------------------------------------------------------------- 1 | module.exports.hello = async (event) => { 2 | return { 3 | statusCode: 200, 4 | body: JSON.stringify( 5 | { 6 | message: 'Go Serverless v1.0! Your function executed successfully!', 7 | input: event 8 | }, 9 | null, 10 | 2 11 | ) 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /examples/default-log-groups-with-json/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "default-log-groups-with-json", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "", 6 | "main": "index.js", 7 | "scripts": { 8 | "test": "echo \"Error: no test specified\" && exit 1" 9 | }, 10 | "keywords": [], 11 | "author": "", 12 | "license": "ISC", 13 | "devDependencies": { 14 | "serverless": "^3.38.0" 15 | } 16 | } -------------------------------------------------------------------------------- /examples/default-log-groups-with-json/serverless.yml: -------------------------------------------------------------------------------- 1 | service: default-log-groups-with-json 2 | 3 | frameworkVersion: "3" 4 | 5 | plugins: 6 | - ../../index 7 | 8 | provider: 9 | name: aws 10 | runtime: nodejs18.x 11 | 12 | custom: 13 | serverless-logging-config: 14 | enableJson: true 15 | 16 | functions: 17 | hello: 18 | handler: handler.hello 19 | -------------------------------------------------------------------------------- /examples/exclude-function/.gitignore: -------------------------------------------------------------------------------- 1 | # package directories 2 | node_modules 3 | jspm_packages 4 | 5 | # Serverless directories 6 | .serverless -------------------------------------------------------------------------------- /examples/exclude-function/handler.js: -------------------------------------------------------------------------------- 1 | module.exports.hello = async (event) => { 2 | return { 3 | statusCode: 200, 4 | body: JSON.stringify( 5 | { 6 | message: 'hello', 7 | input: event 8 | }, 9 | null, 10 | 2 11 | ) 12 | } 13 | } 14 | 15 | module.exports.world = async (event) => { 16 | return { 17 | statusCode: 200, 18 | body: JSON.stringify( 19 | { 20 | message: 'world', 21 | input: event 22 | }, 23 | null, 24 | 2 25 | ) 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /examples/exclude-function/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "exclude-function", 3 | "private": true, 4 | "version": "1.0.0", 5 | "description": "", 6 | "main": "index.js", 7 | "scripts": { 8 | "test": "echo \"Error: no test specified\" && exit 1" 9 | }, 10 | "keywords": [], 11 | "author": "", 12 | "license": "ISC", 13 | "devDependencies": { 14 | "serverless": "^3.38.0" 15 | } 16 | } -------------------------------------------------------------------------------- /examples/exclude-function/serverless.yml: -------------------------------------------------------------------------------- 1 | service: exclude-function 2 | 3 | frameworkVersion: "3" 4 | 5 | plugins: 6 | - ../../index 7 | 8 | provider: 9 | name: aws 10 | runtime: nodejs18.x 11 | 12 | custom: 13 | serverless-logging-config: 14 | logGroupName: exclude-function-demo 15 | useDefaultLogGroup: 16 | - world 17 | 18 | functions: 19 | hello: 20 | handler: handler.hello 21 | 22 | world: 23 | handler: handler.world 24 | -------------------------------------------------------------------------------- /examples/with-serverless-iam-roles-per-function/.gitignore: -------------------------------------------------------------------------------- 1 | # package directories 2 | node_modules 3 | jspm_packages 4 | 5 | # Serverless directories 6 | .serverless -------------------------------------------------------------------------------- /examples/with-serverless-iam-roles-per-function/handler.js: -------------------------------------------------------------------------------- 1 | module.exports.hello = async (event) => { 2 | return { 3 | statusCode: 200, 4 | body: JSON.stringify( 5 | { 6 | message: 'Go Serverless v1.0! Your function executed successfully!', 7 | input: event 8 | }, 9 | null, 10 | 2 11 | ) 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /examples/with-serverless-iam-roles-per-function/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "with-serverless-iam-roles-per-function", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "keywords": [], 10 | "author": "", 11 | "license": "ISC", 12 | "devDependencies": { 13 | "serverless": "^3.38.0", 14 | "serverless-iam-roles-per-function": "^3.2.0" 15 | }, 16 | "dependencies": { 17 | "lodash": "^4.17.21" 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /examples/with-serverless-iam-roles-per-function/serverless.yml: -------------------------------------------------------------------------------- 1 | service: with-serverless-iam 2 | 3 | frameworkVersion: "3" 4 | 5 | plugins: 6 | - serverless-iam-roles-per-function 7 | - ../../index 8 | 9 | provider: 10 | name: aws 11 | runtime: nodejs18.x 12 | 13 | iam: 14 | role: 15 | statements: 16 | - Effect: Allow 17 | Action: 18 | - logs:CreateLogStream 19 | - logs:DescribeLogGroups 20 | - logs:DescribeLogStreams 21 | - logs:PutLogEvents 22 | Resource: "*" 23 | 24 | custom: 25 | serverless-logging-config: 26 | logGroupName: with-serverless-iam-roles 27 | 28 | serverless-iam-roles-per-function: 29 | defaultInherit: true 30 | 31 | functions: 32 | hello: 33 | handler: handler.hello 34 | iamRoleStatements: 35 | - Effect: Allow 36 | Action: logs:* 37 | Resource: "*" 38 | 39 | world: 40 | handler: handler.hello 41 | iamRoleStatements: 42 | - Effect: Allow 43 | Action: logs:CreateLogGroup 44 | Resource: "*" 45 | 46 | foo: 47 | handler: handler.hello 48 | 49 | bar: 50 | handler: handler.hello 51 | -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | const _ = require('lodash') 2 | 3 | class ServerlessLoggingConfig { 4 | constructor (serverless) { 5 | this.serverless = serverless 6 | this.log = (msgs) => console.log('serverless-logging-config:', msgs) 7 | 8 | this.hooks = { 9 | initialize: () => this.init(this), 10 | 'before:package:initialize': () => this.disableFunctionLogs(this), 11 | 'after:package:compileEvents': () => this.setLoggingConfig(this), 12 | 'before:package:finalize': () => this.addIamPermissions(this) 13 | } 14 | } 15 | 16 | init () { 17 | const settings = this.serverless.service.custom?.['serverless-logging-config'] 18 | if (!settings) { 19 | throw new Error(`serverless-logging-config: No custom settings found. 20 | You need to configure this plugin by add a "serverless-logging-config" section under "custom". 21 | For example, like this 22 | 23 | custom: 24 | serverless-logging-config: 25 | enableJson: true # [Optional] set the LogFormat to JSON 26 | logGroupName: "my-logs" # [Required] all functions to send logs to the "my-logs" log group 27 | applicationLogLevel: DEBUG | ERROR | FATAL | INFO | TRACE | WARN 28 | systemLogLevel: DEBUG | INFO | WARN 29 | 30 | For more information about these settings, please see the service announcement here: 31 | https://aws.amazon.com/about-aws/whats-new/2023/11/aws-lambda-controls-search-filter-aggregate-lambda-function-logs 32 | 33 | And see this page for more info on what these settings mean: 34 | https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html 35 | `) 36 | } 37 | } 38 | 39 | disableFunctionLogs () { 40 | const settings = this.serverless.service.custom['serverless-logging-config'] 41 | if (!settings.logGroupName) { 42 | return 43 | } 44 | 45 | const exclude = settings.useDefaultLogGroup || [] 46 | const functions = this.serverless.service.functions 47 | const functionNames = Object.keys(functions) 48 | functionNames 49 | .filter(x => !exclude.includes(x)) 50 | .forEach(x => { 51 | functions[x].disableLogs = true 52 | }) 53 | 54 | let logMsg = 'Disabled auto-generated Lambda log groups' 55 | if (exclude.length > 0) { 56 | logMsg += ` (excluding ${exclude.join(', ')})` 57 | } 58 | this.log(logMsg) 59 | } 60 | 61 | setLoggingConfig () { 62 | const settings = this.serverless.service.custom['serverless-logging-config'] 63 | const exclude = settings.useDefaultLogGroup || [] 64 | 65 | const template = this.serverless.service.provider.compiledCloudFormationTemplate 66 | const functions = Object 67 | .values(template.Resources) 68 | .filter(x => x.Type === 'AWS::Lambda::Function') 69 | 70 | for (const func of functions) { 71 | const isDisabled = this.isDefaultLogGroup(func, template) 72 | 73 | func.Properties.LoggingConfig = { 74 | ApplicationLogLevel: settings.applicationLogLevel, 75 | LogGroup: !isDisabled ? settings.logGroupName : undefined, 76 | LogFormat: settings.enableJson === true ? 'JSON' : 'Text', 77 | SystemLogLevel: settings.systemLogLevel 78 | } 79 | 80 | // after we disable the default log group, the DependsOn array will be null 81 | // unfortunately, some plugins like serverless-iam-roles-per-function needs 82 | // DependsOn to be an array, so we'll set it to an empty array if it's null 83 | if (!func.DependsOn) { 84 | func.DependsOn = [] 85 | } 86 | } 87 | 88 | let logMsg = 'Added LoggingConfig to all the functions' 89 | if (exclude.length > 0) { 90 | logMsg += ` (excluding ${exclude.join(', ')})` 91 | } 92 | this.log(logMsg) 93 | } 94 | 95 | addIamPermissions () { 96 | const settings = this.serverless.service.custom['serverless-logging-config'] 97 | if (!settings.logGroupName) { 98 | return 99 | } 100 | 101 | const template = this.serverless.service.provider.compiledCloudFormationTemplate 102 | const functions = Object 103 | .values(template.Resources) 104 | .filter(x => x.Type === 'AWS::Lambda::Function') 105 | 106 | const updateRole = roleLogicalId => { 107 | const role = template.Resources[roleLogicalId] 108 | if (!role) { 109 | this.log('Role not found:', roleLogicalId) 110 | return 111 | } 112 | 113 | const resource = { 114 | 'Fn::Sub': `arn:\${AWS::Partition}:logs:\${AWS::Region}:\${AWS::AccountId}:log-group:${settings.logGroupName}:*` 115 | } 116 | 117 | role.Properties.Policies.forEach(x => { 118 | x.PolicyDocument.Statement 119 | .filter(stm => stm.Effect === 'Allow') 120 | .forEach(stm => { 121 | stm.Action = this.arrayify(stm.Action) 122 | stm.Resource = this.arrayify(stm.Resource) 123 | 124 | if (stm.Action.filter(act => act.startsWith('logs:')).length > 0) { 125 | if (!stm.Resource.find(r => _.isEqual(r, resource))) { 126 | stm.Resource.push(resource) 127 | } 128 | } 129 | }) 130 | }) 131 | } 132 | 133 | // update the default role 134 | updateRole('IamRoleLambdaExecution') 135 | 136 | // update function roles 137 | functions.forEach(x => { 138 | const roleLogicalId = x.Properties.Role['Fn::GetAtt'][0] 139 | updateRole(roleLogicalId) 140 | }) 141 | 142 | this.log('Added permissions to all the functions.') 143 | } 144 | 145 | arrayify (obj) { 146 | if (Array.isArray(obj)) { 147 | return obj 148 | } else if (typeof obj === 'string') { 149 | return [obj] 150 | } else { 151 | return [obj] 152 | } 153 | } 154 | 155 | isDefaultLogGroup (x, template) { 156 | if (!x.DependsOn) { 157 | return false 158 | } 159 | 160 | for (const dep of x.DependsOn) { 161 | if (dep.endsWith('LogGroup')) { 162 | const logGroup = template.Resources[dep] 163 | if (logGroup.Type === 'AWS::Logs::LogGroup') { 164 | return true 165 | } 166 | } 167 | } 168 | 169 | return false 170 | } 171 | } 172 | 173 | module.exports = ServerlessLoggingConfig 174 | -------------------------------------------------------------------------------- /index.test.js: -------------------------------------------------------------------------------- 1 | const ServerlessLoggingConfig = require('./index') 2 | 3 | describe('Gven the custom section is missing', () => { 4 | let serverlessMock 5 | let plugin 6 | 7 | beforeEach(() => { 8 | serverlessMock = { 9 | service: { 10 | } 11 | } 12 | 13 | plugin = new ServerlessLoggingConfig(serverlessMock) 14 | }) 15 | 16 | test('init should throw error', () => { 17 | expect(() => plugin.init()).toThrow('No custom settings found') 18 | }) 19 | }) 20 | 21 | describe('Gven the custom.serverless-logging-config section is missing', () => { 22 | let serverlessMock 23 | let plugin 24 | 25 | beforeEach(() => { 26 | serverlessMock = { 27 | service: { 28 | custom: { 29 | } 30 | } 31 | } 32 | 33 | plugin = new ServerlessLoggingConfig(serverlessMock) 34 | }) 35 | 36 | test('init should throw error', () => { 37 | expect(() => plugin.init()).toThrow('No custom settings found') 38 | }) 39 | }) 40 | 41 | describe('Given a logGroupName is not set', () => { 42 | let serverlessMock 43 | let plugin 44 | 45 | beforeEach(() => { 46 | serverlessMock = { 47 | service: { 48 | custom: { 49 | 'serverless-logging-config': { 50 | enableJson: true 51 | } 52 | }, 53 | functions: { 54 | hello: { 55 | handler: 'hello.handler' 56 | }, 57 | world: { 58 | handler: 'world.handler' 59 | } 60 | }, 61 | provider: { 62 | compiledCloudFormationTemplate: { 63 | Resources: { 64 | HelloLambdaFunction: { 65 | Type: 'AWS::Lambda::Function', 66 | Properties: { 67 | Role: { 'Fn::GetAtt': ['IamRoleLambdaExecution'] } 68 | } 69 | }, 70 | WorldLambdaFunction: { 71 | Type: 'AWS::Lambda::Function', 72 | Properties: { 73 | Role: { 'Fn::GetAtt': ['IamRoleLambdaExecution'] } 74 | } 75 | }, 76 | IamRoleLambdaExecution: { 77 | Type: 'AWS::IAM::Role', 78 | Properties: { 79 | Policies: [{ 80 | PolicyDocument: { 81 | Statement: [{ 82 | Action: ['logs:CreateLogGroup', 'logs:CreateLogStream'], 83 | Resource: ['arn:aws:logs:region:account-id:*'] 84 | }] 85 | } 86 | }] 87 | } 88 | } 89 | } 90 | } 91 | } 92 | } 93 | } 94 | 95 | plugin = new ServerlessLoggingConfig(serverlessMock) 96 | }) 97 | 98 | test('init should load settings correctly', () => { 99 | expect(() => plugin.init()).not.toThrow() 100 | }) 101 | 102 | test('disableFunctionLogs should not disable logs for all functions', () => { 103 | plugin.disableFunctionLogs() 104 | Object.values(serverlessMock.service.functions) 105 | .forEach(func => { 106 | expect(func.disableLogs).toBeUndefined() 107 | }) 108 | }) 109 | 110 | test('setLoggingConfig should set a LoggingConfig for all functions', () => { 111 | plugin.setLoggingConfig() 112 | Object.values(serverlessMock.service.provider.compiledCloudFormationTemplate.Resources) 113 | .filter(x => x.Type === 'AWS::Lambda::Function') 114 | .forEach(resource => { 115 | expect(resource.Properties.LoggingConfig).toEqual({ 116 | LogFormat: 'JSON' 117 | }) 118 | 119 | expect(resource.DependsOn).toEqual([]) 120 | }) 121 | }) 122 | 123 | test('addIamPermissions should not modify the shared IAM role', () => { 124 | plugin.addIamPermissions() 125 | const role = serverlessMock.service.provider.compiledCloudFormationTemplate.Resources.IamRoleLambdaExecution 126 | expect(role).toEqual({ 127 | Type: 'AWS::IAM::Role', 128 | Properties: { 129 | Policies: [{ 130 | PolicyDocument: { 131 | Statement: [{ 132 | Action: ['logs:CreateLogGroup', 'logs:CreateLogStream'], 133 | Resource: ['arn:aws:logs:region:account-id:*'] 134 | }] 135 | } 136 | }] 137 | } 138 | }) 139 | }) 140 | }) 141 | 142 | describe('Given a logGroupName is set', () => { 143 | let serverlessMock 144 | let plugin 145 | const logGroupName = 'my-logs' 146 | 147 | beforeEach(() => { 148 | serverlessMock = { 149 | service: { 150 | custom: { 151 | 'serverless-logging-config': { 152 | logGroupName 153 | } 154 | }, 155 | functions: { 156 | hello: { 157 | handler: 'hello.handler' 158 | }, 159 | world: { 160 | handler: 'world.handler' 161 | } 162 | }, 163 | provider: { 164 | compiledCloudFormationTemplate: { 165 | Resources: { 166 | HelloLambdaFunction: { 167 | Type: 'AWS::Lambda::Function', 168 | Properties: { 169 | Role: { 'Fn::GetAtt': ['IamRoleLambdaExecution'] } 170 | } 171 | }, 172 | WorldLambdaFunction: { 173 | Type: 'AWS::Lambda::Function', 174 | Properties: { 175 | Role: { 'Fn::GetAtt': ['IamRoleLambdaExecution'] } 176 | } 177 | }, 178 | IamRoleLambdaExecution: { 179 | Type: 'AWS::IAM::Role', 180 | Properties: { 181 | Policies: [{ 182 | PolicyDocument: { 183 | Statement: [{ 184 | Effect: 'Allow', 185 | Action: ['logs:CreateLogGroup', 'logs:CreateLogStream'], 186 | Resource: ['arn:aws:logs:region:account-id:*'] 187 | }] 188 | } 189 | }] 190 | } 191 | } 192 | } 193 | } 194 | } 195 | } 196 | } 197 | 198 | plugin = new ServerlessLoggingConfig(serverlessMock) 199 | }) 200 | 201 | test('init should load settings correctly', () => { 202 | expect(() => plugin.init()).not.toThrow() 203 | }) 204 | 205 | test('disableFunctionLogs should disable logs for all functions', () => { 206 | plugin.disableFunctionLogs() 207 | Object.values(serverlessMock.service.functions) 208 | .forEach(func => { 209 | expect(func.disableLogs).toBe(true) 210 | }) 211 | }) 212 | 213 | test('setLoggingConfig should set a LoggingConfig for all functions', () => { 214 | plugin.setLoggingConfig() 215 | Object.values(serverlessMock.service.provider.compiledCloudFormationTemplate.Resources) 216 | .filter(x => x.Type === 'AWS::Lambda::Function') 217 | .forEach(resource => { 218 | expect(resource.Properties.LoggingConfig).toEqual({ 219 | LogGroup: logGroupName, 220 | LogFormat: 'Text' 221 | }) 222 | 223 | expect(resource.DependsOn).toEqual([]) 224 | }) 225 | }) 226 | 227 | test('addIamPermissions should add permissions to the shared IAM role', () => { 228 | plugin.addIamPermissions() 229 | const role = serverlessMock.service.provider.compiledCloudFormationTemplate.Resources.IamRoleLambdaExecution 230 | expect(role.Properties.Policies[0].PolicyDocument.Statement[0].Resource).toContainEqual({ 231 | // eslint-disable-next-line no-template-curly-in-string 232 | 'Fn::Sub': `arn:\${AWS::Partition}:logs:\${AWS::Region}:\${AWS::AccountId}:log-group:${logGroupName}:*` 233 | }) 234 | 235 | const insertedPermissions = role.Properties.Policies[0].PolicyDocument.Statement[0].Resource 236 | .filter(x => x['Fn::Sub'] === `arn:\${AWS::Partition}:logs:\${AWS::Region}:\${AWS::AccountId}:log-group:${logGroupName}:*`) 237 | expect(insertedPermissions).toHaveLength(1) 238 | }) 239 | }) 240 | 241 | describe('Given a logGroupName is set and a function is excluded', () => { 242 | let serverlessMock 243 | let plugin 244 | const logGroupName = 'my-logs' 245 | 246 | beforeEach(() => { 247 | serverlessMock = { 248 | service: { 249 | custom: { 250 | 'serverless-logging-config': { 251 | enableJson: true, 252 | logGroupName, 253 | useDefaultLogGroup: [ 254 | 'world' 255 | ] 256 | } 257 | }, 258 | functions: { 259 | hello: { 260 | handler: 'hello.handler' 261 | }, 262 | world: { 263 | handler: 'world.handler' 264 | } 265 | }, 266 | provider: { 267 | compiledCloudFormationTemplate: { 268 | Resources: { 269 | HelloLambdaFunction: { 270 | Type: 'AWS::Lambda::Function', 271 | Properties: { 272 | Role: { 'Fn::GetAtt': ['IamRoleLambdaExecution'] } 273 | } 274 | }, 275 | WorldLambdaFunction: { 276 | Type: 'AWS::Lambda::Function', 277 | Properties: { 278 | Role: { 'Fn::GetAtt': ['IamRoleLambdaExecution'] } 279 | } 280 | }, 281 | IamRoleLambdaExecution: { 282 | Type: 'AWS::IAM::Role', 283 | Properties: { 284 | Policies: [{ 285 | PolicyDocument: { 286 | Statement: [{ 287 | Effect: 'Allow', 288 | Action: ['logs:CreateLogGroup', 'logs:CreateLogStream'], 289 | Resource: ['arn:aws:logs:region:account-id:*'] 290 | }] 291 | } 292 | }] 293 | } 294 | } 295 | } 296 | } 297 | } 298 | } 299 | } 300 | 301 | plugin = new ServerlessLoggingConfig(serverlessMock) 302 | }) 303 | 304 | test('init should load settings correctly', () => { 305 | expect(() => plugin.init()).not.toThrow() 306 | }) 307 | 308 | test('disableFunctionLogs should not disable logs for excluded function', () => { 309 | plugin.disableFunctionLogs() 310 | const [hello, world] = Object.values(serverlessMock.service.functions) 311 | expect(hello.disableLogs).toBe(true) 312 | expect(world.disableLogs).toBeUndefined() 313 | }) 314 | 315 | test('setLoggingConfig should not use the shared log groug for excluded function', () => { 316 | const resources = serverlessMock.service.provider.compiledCloudFormationTemplate.Resources 317 | resources.WorldLambdaFunction.DependsOn = [ 318 | 'WorldLogGroup' 319 | ] 320 | resources.WorldLogGroup = { 321 | Type: 'AWS::Logs::LogGroup', 322 | Properties: { 323 | LogGroupName: '/aws/lambda/world' 324 | } 325 | } 326 | 327 | plugin.setLoggingConfig() 328 | const [hello, world] = Object.values(resources) 329 | .filter(x => x.Type === 'AWS::Lambda::Function') 330 | expect(hello.Properties.LoggingConfig).toEqual({ 331 | LogGroup: logGroupName, 332 | LogFormat: 'JSON' 333 | }) 334 | expect(world.Properties.LoggingConfig).toEqual({ 335 | LogFormat: 'JSON' 336 | }) 337 | }) 338 | 339 | test('addIamPermissions should add permissions to the shared IAM role', () => { 340 | plugin.addIamPermissions() 341 | const role = serverlessMock.service.provider.compiledCloudFormationTemplate.Resources.IamRoleLambdaExecution 342 | expect(role.Properties.Policies[0].PolicyDocument.Statement[0].Resource).toContainEqual({ 343 | // eslint-disable-next-line no-template-curly-in-string 344 | 'Fn::Sub': `arn:\${AWS::Partition}:logs:\${AWS::Region}:\${AWS::AccountId}:log-group:${logGroupName}:*` 345 | }) 346 | }) 347 | }) 348 | -------------------------------------------------------------------------------- /jest.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | collectCoverage: true, 3 | coverageReporters: [ 4 | 'text', 5 | 'html', 6 | 'lcov' 7 | ], 8 | testEnvironment: 'node' 9 | } 10 | -------------------------------------------------------------------------------- /jsconfig.json: -------------------------------------------------------------------------------- 1 | { "typeAcquisition": { "include": [ "jest" ] } } 2 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "serverless-logging-config", 3 | "repository": { 4 | "type": "git", 5 | "url": "git+https://github.com/theburningmonk/serverless-logging-config.git" 6 | }, 7 | "version": "1.0.2", 8 | "description": "Lets you configure custom log group, JSON logging, and other recent logging changes announce in Nov 2023.", 9 | "main": "index.js", 10 | "scripts": { 11 | "lint": "eslint .", 12 | "test": "jest", 13 | "semantic-release": "semantic-release" 14 | }, 15 | "keywords": [], 16 | "author": "Yan Cui", 17 | "license": "MIT", 18 | "devDependencies": { 19 | "@commitlint/cli": "^18.4.3", 20 | "@commitlint/config-conventional": "^18.4.3", 21 | "@types/jest": "^29.5.10", 22 | "coveralls": "^3.1.1", 23 | "eslint": "^8.54.0", 24 | "eslint-config-standard": "^17.1.0", 25 | "eslint-plugin-import": "^2.29.0", 26 | "eslint-plugin-node": "^11.1.0", 27 | "eslint-plugin-promise": "^6.1.1", 28 | "eslint-plugin-standard": "^5.0.0", 29 | "husky": "^8.0.3", 30 | "jest": "^29.7.0", 31 | "lint-staged": "^15.1.0", 32 | "semantic-release": "^22.0.8" 33 | }, 34 | "husky": { 35 | "hooks": { 36 | "pre-commit": "lint-staged", 37 | "commit-msg": "commitlint -E HUSKY_GIT_PARAMS" 38 | } 39 | }, 40 | "lint-staged": { 41 | "*.js": [ 42 | "eslint" 43 | ] 44 | }, 45 | "release": { 46 | "branches": [ 47 | "main" 48 | ] 49 | } 50 | } 51 | --------------------------------------------------------------------------------