How to create a CloudWatch log trigger for AWS Lambda using the AWS Ruby SDK?

I know there should be a way to create a trigger for AWS Lambda using the AWS Ruby SDK (how can this be done using the AWS Management Console).

* Update, I was able to find a way to create a trigger. I am using the following code for this:

    @cloudwatchlogs = Aws::CloudWatchLogs::Client.new(
      region: region,
      credentials: Aws::Credentials.new(aws_access_key_id, aws_secret_access_key)
    )
    @cloudwatchlogs.put_subscription_filter({
      log_group_name: "RDSOSMetrics",
      filter_name: "RDS metrics filter",
      filter_pattern: "RDS metrics filter pattern",
      destination_arn: function_arn
    })

When trying to do this, I get the following:

 *** Aws::CloudWatchLogs::Errors::InvalidParameterException Exception: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function 

Just to test it, I have an X role that is bound to the Lambda function, and this role has the AWSLambdaFullAccess policy added to it, but I still get this error.

Anything else I'm missing?

Thank you, Bakir

1 answer

CloudWatch log permissions can be added using:

    client.add_permission({
      action: "lambda:InvokeFunction",
      function_name: function_arn,
      principal: "logs." + region + ".amazonaws.com",
      source_account: account_id,
      source_arn: "arn:aws:logs:" + region + ":" + account_id + ":log-group:" + log_group_name + ":*",
      statement_id: unique_identifier,
    })

Where:

  • function_arn is your function identifier, similar to arn:aws:lambda:eu-west-1:111111111111:function:yourFunctionName
  • region is the name of your region, similar to eu-west-1
  • account_id is your account identifier, similar to 111111111111
  • log_group_name is the name of the log group that you will pass, similar to /aws/lambda/logGroupName
  • unique_identifier is some random string to be used in a policy statement, for instance ID-1

It should be performed in the following sequence:

  • Create a Lambda function and a log group
  • Add permissions
  • Put the subscription filter

Additional Information:

Note the asterisk at the end of source_arn:

    arn:aws:logs:eu-west-1:111111111111:log-group:logGroup:*
    arn:aws:logs:eu-west-1:111111111111:log-group:logGroup

This is an ARN of log streams, not an ARN of a log group. It took me a while to debug this (until I found an error with aws lambda get-policy).

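A check for the source_arn pitfall described in the answer above, as an added example that is not part of the original answer: it builds the same add_permission parameters and audits a policy document of the kind `aws lambda get-policy` returns. The helper names and the sample policy are constructed for illustration, and the SDK call itself is left out so the block runs offline.

```ruby
require 'json'

# Parameters for Aws::Lambda::Client#add_permission, built as in the answer (hypothetical helper).
def logs_invoke_permission(function_arn:, region:, account_id:, log_group_name:, statement_id:)
  { action: 'lambda:InvokeFunction',
    function_name: function_arn,
    principal: "logs.#{region}.amazonaws.com",
    source_account: account_id,
    source_arn: "arn:aws:logs:#{region}:#{account_id}:log-group:#{log_group_name}:*",
    statement_id: statement_id }
end

# Audit a policy document (the Policy field of `aws lambda get-policy` output) against
# those parameters. Returns a list of problems; an empty list means the grant matches.
def audit_logs_permission(policy_json, expected)
  stmt = JSON.parse(policy_json).fetch('Statement', []).find do |s|
    s['Effect'] == 'Allow' && Array(s['Action']).include?(expected[:action]) &&
      s['Principal'].is_a?(Hash) && s['Principal']['Service'] == expected[:principal]
  end
  return ["no Allow statement for #{expected[:principal]}"] unless stmt
  # Condition keys are case-insensitive in IAM, so compare them lower-cased.
  cond = (stmt['Condition'] || {}).values.reduce({}, :merge).transform_keys(&:downcase)
  problems = []
  arn = cond['aws:sourcearn']
  if arn.nil?
    problems << 'no source ARN condition: the grant is not tied to one log group'
  elsif arn != expected[:source_arn]
    problems << "source ARN is #{arn}, expected #{expected[:source_arn]}"
  end
  account_ok = cond['aws:sourceaccount'] == expected[:source_account]
  problems << 'source account condition missing or different' unless account_ok
  problems
end

# Constructed sample: a policy whose source ARN lacks the trailing ":*".
EXPECTED = logs_invoke_permission(
  function_arn: 'arn:aws:lambda:eu-west-1:111111111111:function:yourFunctionName',
  region: 'eu-west-1', account_id: '111111111111', log_group_name: 'logGroup', statement_id: 'ID-1'
)
SAMPLE_POLICY = JSON.generate({ 'Version' => '2012-10-17', 'Statement' => [{
  'Sid' => 'ID-1', 'Effect' => 'Allow', 'Action' => 'lambda:InvokeFunction',
  'Principal' => { 'Service' => 'logs.eu-west-1.amazonaws.com' },
  'Resource' => EXPECTED[:function_name],
  'Condition' => {
    'StringEquals' => { 'AWS:SourceAccount' => '111111111111' },
    'ArnLike' => { 'AWS:SourceArn' => 'arn:aws:logs:eu-west-1:111111111111:log-group:logGroup' }
  }
}] })
puts audit_logs_permission(SAMPLE_POLICY, EXPECTED)
```

Keeping both source_account and source_arn in the grant limits which log groups can invoke the function through the CloudWatch Logs service principal, so the audit reports a missing condition as well as a mismatched one.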

Source: https://habr.com/ru/post/1014736/

