[英]How to create CloudWatch logs trigger for AWS Lambda using aws ruby SDK?
[英]How to create CloudWatch logs trigger for AWS Lambda function using aws SDK?
節點
const AWS = require('aws-sdk');
AWS.config = new AWS.Config
({
accessKeyId: "AKIA******",
secretAccessKey: "6RJf******vy",
});
const cloudwatchlogs = new AWS.CloudWatchLogs({ region: 'a******1' });
var params = {
destinationArn: 'arn:aws:lambda:******:function:******',
filterName: 'LambdaStream_******',
filterPattern: '?Error ?Waring ?error ?"node(1)" ?info ?INFO',
logGroupName: '/aws/lambda/******',
distribution: 'ByLogStream',
};
cloudwatchlogs.putSubscriptionFilter(params, function (err, data) {
if (err) console.log( err, err.stack);
else console.log(data);
});
我會收到以下錯誤:
{ InvalidParameterException: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to ex ecute your function.
at Request.extractError
......
(/mnt/******/node_modules/aws-sdk/lib/sequential_executor.js:116:18) message: 'Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.', code: 'InvalidParameterException', time: 2019-03-21T03:05:47.966Z, requestId: '39c9******3', statusCode: 400, retryable: false, retryDelay: ******86 } InvalidParameterException: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.
補充:這里輸入圖片說明
我給了這些執行角色:
AWSLambdaFullAccess
CloudWatchFullAccess
CloudWatchLogsFullAccess
AmazonVPCFullAccess
AWSLambdaVPCAccessExecutionRole
AWSLambdaRole
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutSubscriptionFilter",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}
var params = {
Action: 'lambda:InvokeFunction', /* required */
FunctionName: 'arn:aws:lambda:******:******:function:******', /* required */
Principal: 'logs.*region*.amazonaws.com', /* required */
StatementId: '******', /* required */
// SourceAccount: '******',
// SourceArn: 'arn:aws:logs:::******:******'
};
lambda.addPermission(params, function (err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
這就是您在角色策略中擁有 CloudWatch 完全訪問權限所需的全部內容。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "logs:*",
"Resource": "*"
}
]
}
如文檔中所述,您需要向 CloudWatch Logs 授予執行 Lambda 函數的權限。
要執行此任務,您可以使用此 CLI 命令:
aws lambda 添加權限 --function-name "lamda1" --statement-id "lamda1" --principal "logs.us-west-2.amazonaws.com" --action "lambda:InvokeFunction" --source-arn "arn:aws:logs:us-west-2:xxxxxx047983:log-group:testgroup:*" --source-account "xxxxxx047983"
確保將函數名稱替換為您的函數名稱,並將 xxxxxx 替換為您的帳戶詳細信息。 有關更多信息,請參閱Amazon CloudWatch 日志指南。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.