- Newest
- Most votes
- Most comments
Hi there
Here are the steps to configure an Amazon CloudWatch subscription filter to invoke an AWS Lambda Function:
- You will need to grant CloudWatch Logs permission to invoke the Lambda Function using the "AddPermission" API:
********** CLI Command **********
aws lambda add-permission
--function-name "FunctionName"
--statement-id "AllowCWToInvokeLambdaFunction"
--principal "logs.amazonaws.com"
--action "lambda:InvokeFunction"
--source-arn "arn:aws:logs:region:AccountID:log-group:YourLogGroup:*"
--source-account "AccountID"
********** CLI Command **********
---> Replace "FunctionName" with the name of your Lambda Function. ---> Replace "AccountID" with your AWS Account ID. ---> Replace "YourLogGroup" with the name of your CloudWatch Log Group.
- Create a Subscription Filter using the "PutSubscriptionFilter" API to send Log Events that contain a keyword. In the below example, the keyword "ERROR" is being used:
********** CLI Command **********
aws logs put-subscription-filter
--log-group-name YourLogGroup
--filter-name demo
--filter-pattern "ERROR"
--destination-arn arn:aws:lambda:region:AccountID:function:FunctionName
********** CLI Command **********
---> Replace "FunctionName" with the name of your Lambda Function. ---> Replace "AccountID" with your AWS Account ID. ---> Replace "YourLogGroup" with the name of your CloudWatch Log Group.
The CloudWatch Log Group "YourLogGroup" will invoke the Lambda Function when it receives a Log Event with the "ERROR" keyword.
References: [1] https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#LambdaFunctionExample
Relevant content
- asked 3 months ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a month ago
Yeah, that's what I did. And it does work. I'm just pointing out that it has different visibility than I was expecting, because if I do it via the UI it shows up both as a "Subscription filter" for the log group and as a "Trigger" for the Lambda, but if I do it via the CLI it doesn't show up as a "Trigger", only a "Subscription filter".