ERROR aws_cloudwatch_log_subscription_filter to AWS Lambda with Terraform
AWS lambda cloudwatch subscription
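I want to add a CloudWatch subscription to my AWS Lambda logs so that my AWS Lambda is triggered by CloudWatch Logs. What permissions should I add to the role used by the Lambda to enable this?
By default, your Lambda will have permission to access CloudWatch to write logs (using the default AWSLambdaBasicExecutionRole). However, if you want to add it manually, this is the policy with the required permissions: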
```json
{
  "document": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents"
        ],
        "Resource": "*"
      }
    ]
  },
  "name": "AWSLambdaBasicExecutionRole",
  "id": "xxxxx",
  "type": "managed",
  "arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
```
Lambda function policy for the CloudWatch Events trigger on the Lambda:
```json
{
  "Version": "2012-10-17",
  "Id": "default",
  "Statement": [
    {
      "Sid": "uuid",
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "lambda:invokeFunction",
      "Resource": "arn:aws:lambda:us-east-x:xxxxxxxxxxxx:function:LambdaFunction",
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:events:us-east-x:xxxxxxxxxxxx:rule/CloudWatchRule"
        }
      }
    }
  ]
}
```
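An added example, not part of the original answer: a Python check over a Lambda resource-based policy that lists which service principals may invoke the function and whether each grant is pinned by `aws:SourceArn`. The policy above grants `events.amazonaws.com`, whereas a CloudWatch Logs subscription filter invokes the function as the CloudWatch Logs service principal (`logs.amazonaws.com`); `LOGS_STMT`, the log group name `/example/app` and all function names here are constructed assumptions.

```python
import fnmatch

# Statement from the page's function policy (placeholders kept as on the page).
EVENTS_STMT = {
    "Effect": "Allow", "Principal": {"Service": "events.amazonaws.com"},
    "Action": "lambda:invokeFunction",
    "Resource": "arn:aws:lambda:us-east-x:xxxxxxxxxxxx:function:LambdaFunction",
    "Condition": {"ArnLike": {"AWS:SourceArn":
        "arn:aws:events:us-east-x:xxxxxxxxxxxx:rule/CloudWatchRule"}},
}
# Constructed statement for a log subscription; the log group name is hypothetical.
LOGS_STMT = dict(EVENTS_STMT, Principal={"Service": "logs.amazonaws.com"},
    Condition={"ArnLike": {"AWS:SourceArn":
        "arn:aws:logs:us-east-x:xxxxxxxxxxxx:log-group:/example/app:*"}})
POSITIVE_OPS = ("arnlike", "arnequals", "stringlike", "stringequals")

def as_list(v):
    return [v] if isinstance(v, str) else list(v)

def invokers(policy):
    """(service principal, aws:SourceArn pattern or None) per Allow on lambda:InvokeFunction."""
    found = []
    for st in policy.get("Statement", []):
        actions = [a.lower() for a in as_list(st.get("Action", []))]
        if st.get("Effect") != "Allow" or not any(
                fnmatch.fnmatchcase("lambda:invokefunction", a) for a in actions):
            continue
        principal = st.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else [principal]
        src = None
        for op, keys in st.get("Condition", {}).items():
            if op.lower() in POSITIVE_OPS:  # operator and key names are case-insensitive
                src = next((v for k, v in keys.items() if k.lower() == "aws:sourcearn"), src)
        found += [(svc, src) for svc in services]
    return found

def allows_log_subscription(policy, log_group_arn):
    """True if a CloudWatch Logs service principal may invoke for this log group ARN."""
    for svc, src in invokers(policy):
        if svc.startswith("logs.") and svc.endswith(".amazonaws.com"):
            # fnmatch approximates ArnLike wildcards; a missing condition matches any source.
            if src is None or any(fnmatch.fnmatchcase(log_group_arn, p) for p in as_list(src)):
                return True
    return False

def unscoped(policy):
    """Service principals allowed to invoke with no aws:SourceArn restriction."""
    return [svc for svc, src in invokers(policy) if src is None]
```

A non-empty `unscoped()` result means any resource of that service, in any account, can trigger the function, so each service grant should carry a source ARN condition.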