LoginSignup
3
2

More than 5 years have passed since last update.

@takc923

CloudWatch LogsをサブスクリプションするLambdaのテスト方法

Last updated at Posted at 2018-04-06

引数となるイベントの形式がこんな感じになってて

{
  "awslogs": {
    "data": "H4sIAAAAAAAAAHWPwQqCQBCGX0Xm7EFtK+smZBEUgXoLCdMhFtKV3akI8d0bLYmibvPPN3wz00CJxmQnTO41whwWQRIctmEcB6sQbFC3CjW3XW8kxpOpP+OC22d1Wml1qZkQGtoMsScxaczKN3plG8zlaHIta5KqWsozoTYw3/djzwhpLwivWFGHGpAFe7DL68JlBUk+l7KSN7tCOEJ4M3/qOI49vMHj+zCKdlFqLaU2ZHV2a4Ct/an0/ivdX8oYc1UVX860fQDQiMdxRQEAAA=="
  }
}

dataのvalueが加工されてるので、元の文字列からどうこのdataを作るか、という話。
ドキュメントによると↑の文字列を↓こうやると元の文字列が取り出せるらしい。

$ echo -n "<Content of Data>" | base64 -d | zcat

なので、逆をすれば元の文字列から引数にする文字列に変換できる。

$ echo "<Original String>" | gzip | base64

で、元の文字列は↓こんな感じのjson

{
    "owner": "111111111111",
    "logGroup": "CloudTrail",
    "logStream": "111111111111_CloudTrail_us-east-1",
    "subscriptionFilters": [
        "RecipientStream"
    ],
    "messageType": "DATA_MESSAGE",
    "logEvents": [
        {
            "id": "3195310660696698337880902507980421114328961542429EXAMPLE",
            "timestamp": 1432826855000,
            "message": "{\"eventVersion\":\"1.03\",\"userIdentity\":{\"type\":\"Root\"}"
        },
        {
            "id": "3195310660696698337880902507980421114328961542429EXAMPLE",
            "timestamp": 1432826855000,
            "message": "{\"eventVersion\":\"1.03\",\"userIdentity\":{\"type\":\"Root\"}"
        },
        {
            "id": "3195310660696698337880902507980421114328961542429EXAMPLE",
            "timestamp": 1432826855000,
            "message": "{\"eventVersion\":\"1.03\",\"userIdentity\":{\"type\":\"Root\"}"
        }
    ]
}

参考(再掲): https://docs.aws.amazon.com/ja_jp/AmazonCloudWatch/latest/logs/ValidateLogEventFlow.html

というわけで、

$ cat json
{
    "owner": "111111111111",
    "logGroup": "CloudTrail",
    "logStream": "111111111111_CloudTrail_us-east-1",
    "subscriptionFilters": [
        "RecipientStream"
    ],
    "messageType": "DATA_MESSAGE",
    "logEvents": [
        {
            "id": "3195310660696698337880902507980421114328961542429EXAMPLE",
            "timestamp": 1432826855000,
            "message": "{\"eventVersion\":\"1.03\",\"userIdentity\":{\"type\":\"Root\"}"
        },
        {
            "id": "3195310660696698337880902507980421114328961542429EXAMPLE",
            "timestamp": 1432826855000,
            "message": "{\"eventVersion\":\"1.03\",\"userIdentity\":{\"type\":\"Root\"}"
        },
        {
            "id": "3195310660696698337880902507980421114328961542429EXAMPLE",
            "timestamp": 1432826855000,
            "message": "{\"eventVersion\":\"1.03\",\"userIdentity\":{\"type\":\"Root\"}"
        }
    ]
}
$ cat json | gzip | base64
H4sIAG/axloAA+1S3WqDMBi99ylKru2If2nSO9lcGawwqozBMsTVUAJqJIkbRXz3JdY510cY+64C5+c75yO9szIDxGfDJNiugLcY4F7ASpx2UnStxW8r0ZWZLHi1QFMtWVFfy/Mfbt6pNSuUXs+eqntXR8lbzUVzzyvNpDL61xEcCQd25C1njZ7MR+RtUtdMqeLEsnPL7Na7OIvzfZKm8S5ZxEo+jPy3bT+/RhIvrTzwSBR4ECGICEIEB8EGY0igH8ENwTD0TZkw8DFBXhT6oU+Sl3j/9Pi9anbT3OTSRW0PNQp8hKMIQnjFm9Lb1T0FzKZ8Nv3NJSjYUuDdwIACl4JOMflQGpTrs0EMV5vCI+cghKZgALPx4P53/BMdL//cGZwvGEA5spoDAAA=

これを引数のdataのvalueに突っ込んだら、Lambdaのテストができる。

{
  "awslogs": {
    "data": "H4sIAG/axloAA+1S3WqDMBi99ylKru2If2nSO9lcGawwqozBMsTVUAJqJIkbRXz3JdY510cY+64C5+c75yO9szIDxGfDJNiugLcY4F7ASpx2UnStxW8r0ZWZLHi1QFMtWVFfy/Mfbt6pNSuUXs+eqntXR8lbzUVzzyvNpDL61xEcCQd25C1njZ7MR+RtUtdMqeLEsnPL7Na7OIvzfZKm8S5ZxEo+jPy3bT+/RhIvrTzwSBR4ECGICEIEB8EGY0igH8ENwTD0TZkw8DFBXhT6oU+Sl3j/9Pi9anbT3OTSRW0PNQp8hKMIQnjFm9Lb1T0FzKZ8Nv3NJSjYUuDdwIACl4JOMflQGpTrs0EMV5vCI+cghKZgALPx4P53/BMdL//cGZwvGEA5spoDAAA="
  }
}

試しにdecodeしてみる。

$ echo -n "H4sIAG/axloAA+1S3WqDMBi99ylKru2If2nSO9lcGawwqozBMsTVUAJqJIkbRXz3JdY510cY+64C5+c75yO9szIDxGfDJNiugLcY4F7ASpx2UnStxW8r0ZWZLHi1QFMtWVFfy/Mfbt6pNSuUXs+eqntXR8lbzUVzzyvNpDL61xEcCQd25C1njZ7MR+RtUtdMqeLEsnPL7Na7OIvzfZKm8S5ZxEo+jPy3bT+/RhIvrTzwSBR4ECGICEIEB8EGY0igH8ENwTD0TZkw8DFBXhT6oU+Sl3j/9Pi9anbT3OTSRW0PNQp8hKMIQnjFm9Lb1T0FzKZ8Nv3NJSjYUuDdwIACl4JOMflQGpTrs0EMV5vCI+cghKZgALPx4P53/BMdL//cGZwvGEA5spoDAAA=" | base64 -D | zcat
{
    "owner": "111111111111",
    "logGroup": "CloudTrail",
    "logStream": "111111111111_CloudTrail_us-east-1",
    "subscriptionFilters": [
        "RecipientStream"
    ],
    "messageType": "DATA_MESSAGE",
    "logEvents": [
        {
            "id": "3195310660696698337880902507980421114328961542429EXAMPLE",
            "timestamp": 1432826855000,
            "message": "{\"eventVersion\":\"1.03\",\"userIdentity\":{\"type\":\"Root\"}"
        },
        {
            "id": "3195310660696698337880902507980421114328961542429EXAMPLE",
            "timestamp": 1432826855000,
            "message": "{\"eventVersion\":\"1.03\",\"userIdentity\":{\"type\":\"Root\"}"
        },
        {
            "id": "3195310660696698337880902507980421114328961542429EXAMPLE",
            "timestamp": 1432826855000,
            "message": "{\"eventVersion\":\"1.03\",\"userIdentity\":{\"type\":\"Root\"}"
        }
    ]
}

OK。
ちなみにBSD系(Macとか)はbase64のデコードのオプションが-Dで、GNU系は-dの模様。
多分Kinesisとかも同じ。

参考(再掲含む):

3
2
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
3
2