如何使用 aws SDK 为 AWS Lambda 函数创建 CloudWatch 日志触发器?
[英]How to create CloudWatch logs trigger for AWS Lambda function using aws SDK?
问题描述
I according to https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CloudWatchLogs.html#putSubscriptionFilter-property
我根据https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CloudWatchLogs.html#putSubscriptionFilter-property
nodejs节点
const AWS = require('aws-sdk');
AWS.config = new AWS.Config
({
accessKeyId: "AKIA******",
secretAccessKey: "6RJf******vy",
});
const cloudwatchlogs = new AWS.CloudWatchLogs({ region: 'a******1' });
var params = {
destinationArn: 'arn:aws:lambda:******:function:******',
filterName: 'LambdaStream_******',
filterPattern: '?Error ?Waring ?error ?"node(1)" ?info ?INFO',
logGroupName: '/aws/lambda/******',
distribution: 'ByLogStream',
};
cloudwatchlogs.putSubscriptionFilter(params, function (err, data) {
if (err) console.log( err, err.stack);
else console.log(data);
});
I will get the following error:我会收到以下错误:
{ InvalidParameterException: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to ex ecute your function.
at Request.extractError
......
(/mnt/******/node_modules/aws-sdk/lib/sequential_executor.js:116:18) message: 'Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.', code: 'InvalidParameterException', time: 2019-03-21T03:05:47.966Z, requestId: '39c9******3', statusCode: 400, retryable: false, retryDelay: ******86 } InvalidParameterException: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.
supplement: enter image description here补充:这里输入图片说明
I gave these executive roles:我给了这些执行角色:
AWSLambdaFullAccess
CloudWatchFullAccess
CloudWatchLogsFullAccess
AmazonVPCFullAccess
AWSLambdaVPCAccessExecutionRole
AWSLambdaRole
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutSubscriptionFilter",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}
3 个解决方案
解决方案1
0 2019-03-21 06:56:46
var params = {
Action: 'lambda:InvokeFunction', /* required */
FunctionName: 'arn:aws:lambda:******:******:function:******', /* required */
Principal: 'logs.*region*.amazonaws.com', /* required */
StatementId: '******', /* required */
// SourceAccount: '******',
// SourceArn: 'arn:aws:logs:::******:******'
};
lambda.addPermission(params, function (err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
解决方案2
0 2019-03-21 09:31:50
This is all you need in the role policy for having CloudWatch Full Access.这就是您在角色策略中拥有 CloudWatch 完全访问权限所需的全部内容。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "logs:*",
"Resource": "*"
}
]
}
解决方案3
0 2020-11-02 20:05:11
As specified in the docs, you need to grant permission to CloudWatch Logs the right to execute your Lambda function.如文档中所述,您需要向 CloudWatch Logs 授予执行 Lambda 函数的权限。
To perform this task, you can use this CLI command:要执行此任务,您可以使用此 CLI 命令:
aws lambda add-permission --function-name "lamda1" --statement-id "lamda1" --principal "logs.us-west-2.amazonaws.com" --action "lambda:InvokeFunction" --source-arn "arn:aws:logs:us-west-2:xxxxxx047983:log-group:testgroup:*" --source-account "xxxxxx047983"
Make sure you replace the function name with your function name and replace the xxxxxx with your account details.确保将函数名称替换为您的函数名称,并将 xxxxxx 替换为您的帐户详细信息。 For more information, see the Amazon CloudWatch Logs Guide .有关更多信息,请参阅Amazon CloudWatch 日志指南。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.