[英]How to create CloudWatch logs trigger for AWS Lambda using aws ruby SDK?
[英]How to create CloudWatch logs trigger for AWS Lambda function using aws SDK?
节点
const AWS = require('aws-sdk');
AWS.config = new AWS.Config
({
accessKeyId: "AKIA******",
secretAccessKey: "6RJf******vy",
});
const cloudwatchlogs = new AWS.CloudWatchLogs({ region: 'a******1' });
var params = {
destinationArn: 'arn:aws:lambda:******:function:******',
filterName: 'LambdaStream_******',
filterPattern: '?Error ?Waring ?error ?"node(1)" ?info ?INFO',
logGroupName: '/aws/lambda/******',
distribution: 'ByLogStream',
};
cloudwatchlogs.putSubscriptionFilter(params, function (err, data) {
if (err) console.log( err, err.stack);
else console.log(data);
});
我会收到以下错误:
{ InvalidParameterException: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to ex ecute your function.
at Request.extractError
......
(/mnt/******/node_modules/aws-sdk/lib/sequential_executor.js:116:18) message: 'Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.', code: 'InvalidParameterException', time: 2019-03-21T03:05:47.966Z, requestId: '39c9******3', statusCode: 400, retryable: false, retryDelay: ******86 } InvalidParameterException: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.
补充:这里输入图片说明
我给了这些执行角色:
AWSLambdaFullAccess
CloudWatchFullAccess
CloudWatchLogsFullAccess
AmazonVPCFullAccess
AWSLambdaVPCAccessExecutionRole
AWSLambdaRole
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutSubscriptionFilter",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}
var params = {
Action: 'lambda:InvokeFunction', /* required */
FunctionName: 'arn:aws:lambda:******:******:function:******', /* required */
Principal: 'logs.*region*.amazonaws.com', /* required */
StatementId: '******', /* required */
// SourceAccount: '******',
// SourceArn: 'arn:aws:logs:::******:******'
};
lambda.addPermission(params, function (err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
这就是您在角色策略中拥有 CloudWatch 完全访问权限所需的全部内容。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "logs:*",
"Resource": "*"
}
]
}
如文档中所述,您需要向 CloudWatch Logs 授予执行 Lambda 函数的权限。
要执行此任务,您可以使用此 CLI 命令:
aws lambda 添加权限 --function-name "lamda1" --statement-id "lamda1" --principal "logs.us-west-2.amazonaws.com" --action "lambda:InvokeFunction" --source-arn "arn:aws:logs:us-west-2:xxxxxx047983:log-group:testgroup:*" --source-account "xxxxxx047983"
确保将函数名称替换为您的函数名称,并将 xxxxxx 替换为您的帐户详细信息。 有关更多信息,请参阅Amazon CloudWatch 日志指南。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.