0
1

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 1 year has passed since last update.

AWS Terraform – Cloud Watch Logs のサブスクリプションフィルタ + Lambda連携を Terraform管理

Last updated at Posted at 2023-09-19

概要

Cloud Watch Logs のサブスクリプションフィルタを使うと
ログのパターンを検出してLambdaを起動できる

AWSコンソールからの作り方はCloudWatchのロググループを選んで「アクション」から設定できる

image

これをTerraform管理する

Terraformのコード例

resource "aws_cloudwatch_log_subscription_filter" "xxx" {
  name            = "xxx"
  log_group_name  = "/path/to/log_group"
  filter_pattern  = "<フィルタパターン>"
  destination_arn = <LAMBDA関数のARN>
}

エラー

不要な指定

Error: putting CloudWatch Logs Subscription Filter (***********):
InvalidParameterException: destinationArn for vendor lambda cannot be used with roleArn

Lambdaを使う場合は role_arn の指定は不要のようだ

role_arn        = <ロールのARN>

権限不足

ログがLambdaを実行できるようにしておく必要がありそう

Error: putting CloudWatch Logs Subscription Filter (*****************): InvalidParameterException: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.

resource "aws_lambda_permission" "yyy" {
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.some_lambda.function_name
  principal     = "logs.<REGION>.amazonaws.com"
}

公式

チャットメンバー募集

何か質問、悩み事、相談などあればLINEオープンチャットもご利用ください。

Twitter

0
1
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
1

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?