Cloudwatch logs subscription error

Question

I have a lambda function to process some cloudwatch logs and am trying to create a subscription filter but keep running into this error:  
  
An error occurred (InvalidParameterException) when calling the PutSubscriptionFilter operation: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.  
  
I have granted permissions as per the docs here with the command below: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html

```
aws lambda add-permission --function-name  --statement-id  --principal "logs.eu-west-1.amazonaws.com" --action "lambda:InvokeFunction" --source-arn "arn:aws:logs:eu-west-1: :log-group:/aws/lambda/" --source-account 
```

The permissions policy seems to have been created but the lambda isn't being triggered by log events...

```
aws lambda get-policy --function-name  --output text
{"Version":"2012-10-17","Id":"default","Statement":[{"Sid":"","Effect":"Allow","Principal":{"Service":"logs.eu-west-1.amazonaws.com"},"Action":"lambda:InvokeFunction","Resource":"arn:aws:lambda:eu-west-1::function:","Condition":{"StringEquals":{"AWS:SourceAccount":""},"ArnLike":{"AWS:SourceArn":"arn:aws:logs:eu-west-1::log-group:/aws/lambda/"}}}]}       
```

Is there anything else that could be causing this error?  
  
Edited by: tara on Sep 30, 2019 4:29 AM  
  
Edited by: tara on Sep 30, 2019 4:32 AM

Answer

To process all logs in a loggroup you have to include :* on the end of the loggroup name:

```
aws lambda add-permission --function-name  --statement-id  --principal "logs.eu-west-1.amazonaws.com" --action "lambda:InvokeFunction" --source-arn "arn:aws:logs:eu-west-1: :log-group:/aws/lambda/:*" --source-account 
```

Cloudwatch logs subscription error

Relevanter Inhalt