Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

使用 AWS CDK 创建的 AWS Lambda@Edge 无法将日志发送至 CloudWatch

0

【以下的问题经过翻译处理】 我创建了一个简单的 Lambda@Edge 函数,如下所示。

'use strict';

exports.handler =  async function(event, context, callback) {
    const cf = event.Records[0].cf;
    console.log('Record: ', JSON.stringify(cf, null, 2));
    console.log('Context: ', JSON.stringify(context, null, 2));
    console.log('Request: ', JSON.stringify(cf.request, null, 2));
    callback(null, cf.request);
}

我使用 AWS CDKv2 experimental EdgeFunction 进行了部署,如下所示

const edgeFunction = new cloudfront.experimental.EdgeFunction(this, 'EdgeFunction', {
            runtime: Runtime.NODEJS_14_X,
            handler: 'index.handler',
            code: Code.fromAsset(path.join(__dirname, '../../../../lambda/ssr2')),
        });

我还将其设置为 Distribution (分配)的边缘函数

const distribution = new Distribution(this, 'Distribution', {
            defaultBehavior: {
                origin,
                cachePolicy: CachePolicy.CACHING_DISABLED,
                viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
                edgeLambdas: [
                    {
                        functionVersion: edgeFunction.currentVersion,
                        eventType: LambdaEdgeEventType.VIEWER_REQUEST,
                    }
                ]
            },

但当我尝试向 Distribution 发送请求时,日志却没有显示任何内容。

我检查了权限,该角色已经拥有权限

Allow: logs:CreateLogGroup
Allow: logs:CreateLogStream
Allow: logs:PutLogEvents

我希望将该函数日志写入 CloudWatch。我哪里做错了?

更新 1

以下是角色文件:

{
    "sdkResponseMetadata": null,
    "sdkHttpMetadata": null,
    "partial": false,
    "permissionsBoundary": null,
    "policies": [
      {
        "arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
        "document": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": "*"
            }
          ]
        },
        "id": "ANPAJNCQGXC425412345",
        "name": "AWSLambdaBasicExecutionRole",
        "type": "managed"
      }
    ],
    "resources": {
      "logs": {
        "service": {
          "icon": "data:image/svg+xml;base64,PHN2ZyB2aWV3Qm94PSIwIDAgNjQgNjQiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CiAgPGcgdHJhbnNmb3JtPSJzY2FsZSguOCkiPgogICAgPGRlZnM+CiAgICAgIDxsaW5lYXJHcmFkaWVudCB4MT0iMCUiIHkxPSIxMDAlIiB4Mj0iMTAwJSIgeTI9IjAlIiBpZD0iYSI+CiAgICAgICAgPHN0b3Agc3RvcC1jb2xvcj0iI0IwMDg0RCIgb2Zmc2V0PSIwJSIvPgogICAgICAgIDxzdG9wIHN0b3AtY29sb3I9IiNGRjRGOEIiIG9mZnNldD0iMTAwJSIvPgogICAgICA8L2xpbmVhckdyYWRpZW50PgogICAgPC9kZWZzPgogICAgPGcgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgPHBhdGggZD0iTTAgMGg4MHY4MEgweiIgZmlsbD0idXJsKCNhKSIvPgogICAgICA8cGF0aCBkPSJNNTUuMDYgNDYuNzc3YzAtMy45MDktMy4yMDItNy4wOS03LjEzOC03LjA5LTMuOTM1IDAtNy4xMzYgMy4xODEtNy4xMzYgNy4wOSAwIDMuOTEgMy4yIDcuMDkgNy4xMzYgNy4wOXM3LjEzNy0zLjE4IDcuMTM3LTcuMDltMi4wMSAwYzAgNS4wMTEtNC4xMDMgOS4wODctOS4xNDcgOS4wODctNS4wNDMgMC05LjE0Ny00LjA3Ni05LjE0Ny05LjA4NyAwLTUuMDEgNC4xMDQtOS4wODYgOS4xNDctOS4wODYgNS4wNDQgMCA5LjE0OCA0LjA3NiA5LjE0OCA5LjA4Nm04LjQ0IDEzLjY5N0w1OC41IDU0LjIwM2ExMy4wMzMgMTMuMDMzIDAgMDEtMS45NDcgMi4xNmw2Ljk5OCA2LjI3YTEuNDc0IDEuNDc0IDAgMDAyLjA2Ni0uMTA3IDEuNDUzIDEuNDUzIDAgMDAtLjEwOC0yLjA1Mm0tMTcuNTg4LTIuODEyYzYuMDQzIDAgMTAuOTU4LTQuODgzIDEwLjk1OC0xMC44ODVzLTQuOTE1LTEwLjg4NC0xMC45NTgtMTAuODg0Yy02LjA0MSAwLTEwLjk1NyA0Ljg4Mi0xMC45NTcgMTAuODg0IDAgNi4wMDIgNC45MTYgMTAuODg1IDEwLjk1NyAxMC44ODVtMTkuMTkgNi4yQTMuNDgzIDMuNDgzIDAgMDE2NC41MjkgNjVhMy40NzUgMy40NzUgMCAwMS0yLjMyMi0uODgzTDU0LjkzMSA1Ny42YTEyLjkzNSAxMi45MzUgMCAwMS03LjAwOSAyLjA2Yy03LjE1IDAtMTIuOTY3LTUuNzc5LTEyLjk2Ny0xMi44ODIgMC03LjEwMiA1LjgxNy0xMi44ODEgMTIuOTY3LTEyLjg4MSA3LjE1MSAwIDEyLjk2OSA1Ljc3OSAxMi45NjkgMTIuODgxIDAgMi4wMzgtLjQ5MiAzLjk2LTEuMzQ0IDUuNjc0bDcuMzA5IDYuNTRhMy40NDQgMy40NDQgMCAwMS4yNTYgNC44NzJNMjEuMjggMjkuMzkzYzAgLjUxOS4wMzIgMS4wMzYuMDk0IDEuNTM2YS45OTQuOTk0IDAgMDEtLjgyMyAxLjEwNmMtMi40NzIuNjM0LTYuNTQgMi41NTMtNi41NCA4LjMxIDAgNC4zNDggMi40MTMgNi43NDggNC40MzkgNy45OTYuNjkxLjQzMyAxLjUxLjY2NCAyLjM3My42NzNsMTIuMTIyLjAxMS0uMDAyIDEuOTk3LTEyLjEzMS0uMDFjLTEuMjQ2LS4wMTQtMi40MjgtLjM1MS0zLjQyOC0uOTc3QzE1LjM3NyA0OC43OTcgMTIgNDUuODkgMTIgNDAuMzQ1YzAtNi42ODMgNC42LTkuMTUzIDcuMy0xMC4wMjYtLjAyLS4zMDctLjAzLS42MTctLjAzLS45MjYgMC01LjQ2IDMuNzI4LTExLjEyMyA4LjY3Mi0xMy4xNzEgNS43ODItMi40MDcgMTEuOTA4LTEuMjE0IDE2LjM4NCAzLjE4OSAxLjM4OCAxLjM2NCAyLjUyOSAzLjAyIDMuNDA0IDQuOTM3YTYuNTA5IDYuNTA5IDAgMDE0LjE1NC0xLjUwMmMzLjAwMiAwIDYuMzgyIDIuMjY0IDYuOTg0IDcuMjE1IDIuODEyLjY0NCA4Ljc1MyAyLjg5NCA4Ljc1MyAxMC4zNjIgMCAyLjk4MS0uOTQxIDUuNDQ0LTIuNzk4IDcuMzE5bC0xLjQzMy0xLjQwMWMxLjQ3My0xLjQ4OCAyLjIyLTMuNDc5IDIuMjItNS45MTggMC02LjUzMi01LjUwNC04LjE1Ny03Ljg3My04LjU1MWExLjAwMiAxLjAwMiAwIDAxLS44MjMtMS4xNTdjLS4zMjktNC4wNTUtMi43NTMtNS44NzItNS4wMy01Ljg3Mi0xLjQzNyAwLTIuNzg0LjY5NS0zLjY5NyAxLjkwN2ExLjAwNiAxLjAwNiAwIDAxLTEuNzUtLjI1OGMtLjgyMy0yLjI2Ni0yLjAxLTQuMTcxLTMuNTI1LTUuNjYxLTMuODgtMy44MTYtOS4xODQtNC44NS0xNC4xOTUtMi43NjYtNC4xNyAxLjcyNy03LjQzNyA2LjcwMi03LjQzNyAxMS4zMjgiIGZpbGw9IiNGRkYiLz4KICAgIDwvZz4KICA8L2c+Cjwvc3ZnPgo=",
          "name": "Amazon CloudWatch Logs"
        },
        "statements": [
          {
            "action": "logs:CreateLogGroup",
            "effect": "Allow",
            "resource": "*",
            "service": "logs",
            "source": {
              "index": "0",
              "policyName": "AWSLambdaBasicExecutionRole",
              "policyType": "managed"
            }
          },
          {
            "action": "logs:CreateLogStream",
            "effect": "Allow",
            "resource": "*",
            "service": "logs",
            "source": {
              "index": "0",
              "policyName": "AWSLambdaBasicExecutionRole",
              "policyType": "managed"
            }
          },
          {
            "action": "logs:PutLogEvents",
            "effect": "Allow",
            "resource": "*",
            "service": "logs",
            "source": {
              "index": "0",
              "policyName": "AWSLambdaBasicExecutionRole",
              "policyType": "managed"
            }
          }
        ]
      }
    },
    "roleName": "MyProject-EdgeFunctionFnServiceRoleC7B72E4-1DV3AZXP558ZS",
    "trustedEntities": [
      "lambda.amazonaws.com",
      "edgelambda.amazonaws.com"
    ]
  }

我刚刚尝试了使用 Lambda 面板中的测试。所有测试都将日志发送到 CloudWatch。但是,当我向 CloudFront 发送请求时,它没有发送任何内容。

更新 2 我刚从 StackOverflows 发现,日志不是集中存储的,而是分布在各个区域的。如下所示

/aws/lambda/us-east-1.MyProject-EdgeFunctionFn44308ADF-loJeFwXXzTOm

因此,我需要在 CloudFront 面板中打开它,而不是从 Lambda 面板中打开它。我在任何 AWS 文档中都没有找到相关信息。

参考

https://aws.amazon.com/id/blogs/networking-and-content-delivery/aggregating-lambdaedge-logs/

<https://stackoverflow.com/questions/66949758/serverless-aws-lambdaedge-how-to-debug#:~:text=Go%20to%20CloudWatch%20and%20search,%2D%3E%20Lambda%40Edge%20Errors %20>。

Themen
ServerlosKalkulationManagement & UnternehmensführungVernetzung & Bereitstellung von Inhalten
Tags
AWS LambdaAmazon CloudWatchAmazon CloudFrontLambda @Edge
Sprache
中文 (简体)
profile picture
EXPERTE
rePost Polyglot
gefragt vor 5 Monaten53 Aufrufe
1 Antwort
0

【以下的回答经过翻译处理】 我以前在使用 Lambda@Edge 日志时也遇到过这个问题。日志会打印到用于接收内容的任何区域的 CloudWatch 日志组中。由于 Lambda@Edge 在所有使用的边缘位置进行复制,因此虽然您处理的是一个 Lambda 函数,但实际上您正在处理多达几十个 Lambda@Edge 函数。因此,请查看所有靠近您所在位置的区域中的 CloudWatch 日志组,查找边缘 Lambda 的日志组。

要在 CloudFront 面板中找到该选项,请访问 Telemetry->Monitoring,选择 Lambda@Edge 选项卡,选择相应的 lambda 版本,然后在右上角会出现一个名为 View Function Logs(查看函数日志)的下拉菜单,在那里您可以看到所有提供日志的区域。

profile picture
EXPERTE
rePost Polyglot
beantwortet vor 5 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt