Reputation: 2966
How to create CloudWatch logs trigger for AWS Lambda using aws ruby SDK?
I know there should be a way to create trigger for AWS Lambda using aws ruby sdk (just like it is possible to do it using AWS Management Console).
*Update, I was able to find out a way to create trigger. I'm using following code to do that:
@cloudwatchlogs = Aws::CloudWatchLogs::Client.new(region: region, credentials: Aws::Credentials.new(aws_access_key_id, aws_secret_access_key))
@cloudwatchlogs.put_subscription_filter({
log_group_name: "RDSOSMetrics",
filter_name: "RDS metrics filter",
filter_pattern: "RDS metrics filter pattern",
destination_arn: function_arn
})
I'm getting following error while trying to do that:
*** Aws::CloudWatchLogs::Errors::InvalidParameterException Exception: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function
Just for the sake of testing it out, I have role X which is attached to Lambda function and that role has AWSLambdaFullAccess policy added to it, but I'm still getting this error.
Anything else I'm missing
Thanks, Bakir
Upvotes: 9
Views: 7512
Answers (1)
Reputation: 61
CloudWatch Logs permissions can be added with:
client.add_permission({
action: "lambda:InvokeFunction",
function_name: function_arn,
principal: "logs." + region + ".amazonaws.com",
source_account: account_id,
source_arn: "arn:aws:logs:" + region + ":" + account_id + ":log-group:" + log_group_name + ":*",
statement_id: unique_identifier,
})
Where:
- function_arn is your function identifier similar to
arn:aws:lambda:eu-west-1:111111111111:function:yourFunctionName - region is name of your service region similar to
eu-west-1 - account_id is id of your account similar to
111111111111 - log_group_name is name of logs you will be streaming from similar to
/aws/lambda/logGroupName - unique_identifier some random string to be used in policy statement. E.g.
ID-1
It should be executed in following sequence:
- Create Lambda function and Log group
- Add permissions
- Put subscription filter
More information:
- http://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Lambda/Client.html#add_permission-instance_method
- http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html
Note the asterisk symbol at the end of source_arn:
arn:aws:logs:eu-west-1:111111111111:log-group:logGroup:*
arn:aws:logs:eu-west-1:111111111111:log-group:logGroup
It is arn of log streams, not arn of log group.
It took me some time to debug this one (until I found error with aws lambda get-policy)
Upvotes: 6
Related Questions
- Process Daily Logs from Cloudwatch using lambda
- How do I use Lambda to get EC2 information via CloudWatch?
- How to send alert based on log message on CloudWatch
- How to setup Cloudwatch log for a Lambda created in Cloudformation
- How can I get log content in AWS Lambda from Cloudwatch
- How to monitor AWS Lambda events through Cloudwatch events
- trigger lambda function from log write in cloudwatch log group
- Cloudwatch trigger to Aws lambda
- Ruby AWS SDK CloudWatch
- AWS Ruby CloudWatch API returns nothing