
How to get logs from Docker image running in AWS Lambda function?

I'm trying to debug an AWS Lambda function that's using a Docker image, as described here. I'm using the stock AWS Python image: public.ecr.aws/lambda/python:3.8

I'm able to follow the steps described in the above link to test my function locally and it works just fine: docker run -p 9000:8080 hello-world , followed by curl -XPOST "http://localhost:9000/2015-03-31/functions/function/invocations" -d '{}' in another Terminal window properly performs the function I'm expecting. However once this is running in Lambda, after successfully tagging the image and pushing it to AWS ECR, the function doesn't seem to be working and I'm not able to find any logs to debug the failed/missing executions.

I'm at a bit of a loss in terms of where these logs are stored, and/or what configuration I may be missing to get these logs into CloudWatch or something similar. Where can I expect to find these logs to further debug my lambda function?

So, there are no technical differences from working with docker images with lambda compared to the code as zip or in s3. As for the logs, according to AWS documentation (and this is the description directly from the docs):

AWS Lambda automatically monitors Lambda functions on your behalf, reporting metrics through Amazon CloudWatch. To help you troubleshoot failures in a function, Lambda logs all requests handled by your function and also automatically stores logs generated by your code through Amazon CloudWatch Logs.

You can insert logging statements into your code to help you validate that your code is working as expected. Lambda automatically integrates with CloudWatch Logs and pushes all logs from your code to a CloudWatch Logs group associated with a Lambda function, which is named /aws/lambda/.

So, the most basic code would have some sort of logging within your lambda. My suggestion in this case to troubleshoot:

1 - Like in the image below, go to your lambda function and try to access the cloudwatch logs directly from the console. Make sure to confirm the default region in which your function was deployed.


2 - If the logs exist (the group for the lambda function exists), then check if there are any raised exceptions from your code.

3 - If there are any errors indicating that the group log for cloudwatch doesn't exist or that the group log from the function doesn't exist, then check the configurations from your lambda directly in the console or, if you are using a framework like serverless or cloudwatch, the code structure.

4 - Finally, if everything seems ok this could be only related to one simple thing: user permissions from your account or role permissions from your lambda function (which is mostly the case for these situations).

One thing that you should check is the basic role generated from your lambda, which ensures that you can create new log groups.

One policy example should be something like this (you can also manually add the CloudWatch Logs policy, the effect should be similar):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "arn:aws:logs:us-east-1:XXXXXXXXXX:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:us-east-1:XXXXXXXXXX:log-group:/aws/lambda/<YOUR-LAMBDA-FUNCTION>:*"
            ]
        }
    ]
}

More related to this issue can be found here: https://aws.amazon.com/pt/premiumsupport/knowledge-center/lambda-cloudwatch-log-streams-error/

I say this because I have frequently used docker for code dependencies with lambda, based on this first tutorial from when this feature was introduced.

https://aws.amazon.com/pt/blogs/aws/new-for-aws-lambda-container-image-support/

Hopefully this was helpful!

Feel free to leave additional comments.
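The permission check from step 4 of the answer above, as an added example that is not part of the original answer: it evaluates a role policy document offline and reports which of the three CloudWatch Logs actions the function's log group would be refused. The account id 123456789012, the function name hello-world and the helper names are constructed; Condition, NotAction and NotResource are not evaluated.

```python
import re

REQUIRED = ("logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents")

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: * matches any run of characters, ? matches exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _listify(value):
    return value if isinstance(value, list) else [value]

def _covers(stmt, action, arn):
    # Action names are case-insensitive in IAM; resource ARNs are not.
    return (any(_glob(a, action, True) for a in _listify(stmt.get("Action", [])))
            and any(_glob(r, arn) for r in _listify(stmt.get("Resource", []))))

def missing_log_permissions(policy, region, account, function_name):
    """Return the required logs actions that the policy does not grant."""
    group = f"arn:aws:logs:{region}:{account}:log-group:/aws/lambda/{function_name}"
    # Assumption: stream-level calls are checked against an ARN under the group.
    stream = group + ":log-stream:example"
    targets = dict(zip(REQUIRED, (group, stream, stream)))
    statements = _listify(policy.get("Statement", []))
    missing = []
    for action in REQUIRED:
        hits = [s for s in statements if _covers(s, action, targets[action])]
        allowed = any(s.get("Effect") == "Allow" for s in hits)
        denied = any(s.get("Effect") == "Deny" for s in hits)  # explicit Deny wins
        if denied or not allowed:
            missing.append(action)
    return missing

def sample_policy(function_name, account="123456789012", region="us-east-1"):
    # Constructed sample shaped like the policy in the answer above.
    prefix = f"arn:aws:logs:{region}:{account}:"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": prefix + "*"},
        {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": [f"{prefix}log-group:/aws/lambda/{function_name}:*"]}]}

if __name__ == "__main__":
    for name in ("hello-world", "other-function"):
        gaps = missing_log_permissions(sample_policy(name), "us-east-1",
                                       "123456789012", "hello-world")
        print(name, "->", gaps or "all three log actions granted")
```

A policy whose Resource names a different function still allows the log group to be created but not written to, which matches the symptom of a function that runs without producing log streams.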

For a special case when you are using the serverless framework, I had to use the following to get the logs in CloudWatch.

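import json
import logging

# Configure the root logger so INFO records reach the function's log output
logger = logging.getLogger()
logger.setLevel(logging.INFO)

def lambda_handler(event: dict, context: dict) -> dict:
    # Log the incoming event as JSON
    logger.info(json.dumps(event))
    # ...
    json_str = json.dumps({})  # placeholder: the original elides how json_str is built
    return {'statusCode': 200, 'body': json_str}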

In my case, the lambda function runs inside an ECR docker container.
