CloudWatch log subscription from Lambda doesn't show in the AWS Console UI, if created via CLI

0

If I have a Lambda that's set up to ingest CloudWatch logs from a particular log group, I can add a trigger via the UI and it will be listed along with that Lambda under "Configuration" > "Triggers". It will also be listed if I go to the log group itself in CloudWatch and select "Subscription filters".

However, I can accomplish much the same thing via the CLI by doing the following:

aws logs put-subscription-filter --log-group-name [whatever-the-name-is] --filter-name [a-name-for-the-subscription] --filter-pattern "" --destination-arn "arn:aws:lambda:[region]:[id]:[the-lambda-in-question]" --distribution ByLogStream

If I do this it will show up as a "Subscription filter" for the log group, but not as a "Trigger" for the Lambda. It still works the same way, though.

1 Answer
0

Hi there

Here are the steps to configure an Amazon CloudWatch subscription filter to invoke an AWS Lambda Function:

  1. You will need to grant CloudWatch Logs permission to invoke the Lambda Function using the "AddPermission" API:

********** CLI Command **********

aws lambda add-permission \
  --function-name "FunctionName" \
  --statement-id "AllowCWToInvokeLambdaFunction" \
  --principal "logs.amazonaws.com" \
  --action "lambda:InvokeFunction" \
  --source-arn "arn:aws:logs:region:AccountID:log-group:YourLogGroup:*" \
  --source-account "AccountID"

********** CLI Command **********

---> Replace "FunctionName" with the name of your Lambda Function.
---> Replace "AccountID" with your AWS Account ID.
---> Replace "YourLogGroup" with the name of your CloudWatch Log Group.

  2. Create a Subscription Filter using the "PutSubscriptionFilter" API to send Log Events that contain a keyword. In the below example, the keyword "ERROR" is being used:

********** CLI Command **********

aws logs put-subscription-filter \
  --log-group-name YourLogGroup \
  --filter-name demo \
  --filter-pattern "ERROR" \
  --destination-arn arn:aws:lambda:region:AccountID:function:FunctionName

********** CLI Command **********

---> Replace "FunctionName" with the name of your Lambda Function.
---> Replace "AccountID" with your AWS Account ID.
---> Replace "YourLogGroup" with the name of your CloudWatch Log Group.

The CloudWatch Log Group "YourLogGroup" will invoke the Lambda Function when it receives a Log Event with the "ERROR" keyword.

References: [1] https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#LambdaFunctionExample

AWS
SUPPORT ENGINEER
TheLich
answered a year ago
  • Yeah, that's what I did. And it does work. I'm just pointing out that it has different visibility than I was expecting, because if I do it via the UI it shows up both as a "Subscription filter" for the log group and as a "Trigger" for the Lambda, but if I do it via the CLI it doesn't show up as a "Trigger", only a "Subscription filter".
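
An added example, not part of the original question or answer: because a subscription filter is visible from the log-group side while the invoke permission lives in the function's resource policy, this script reconciles the two offline from the output of `aws logs describe-subscription-filters` and `aws lambda get-policy`. The JSON samples, account ID and names are constructed, log groups are assumed to be in the function's account and region, and `fnmatchcase` only approximates IAM's `ArnLike` matching.

```python
import json
from fnmatch import fnmatchcase

FUNCTION_ARN = "arn:aws:lambda:us-east-1:111122223333:function:ingest"  # constructed
# Constructed sample shaped like `aws logs describe-subscription-filters` output.
FILTERS_JSON = json.dumps({"subscriptionFilters": [
    {"filterName": "demo", "logGroupName": "/app/orders",
     "filterPattern": "ERROR", "destinationArn": FUNCTION_ARN},
    {"filterName": "all", "logGroupName": "/app/billing",
     "filterPattern": "", "destinationArn": FUNCTION_ARN}]})
# Constructed sample shaped like `aws lambda get-policy` output (Policy is a JSON string).
POLICY_JSON = json.dumps({"Policy": json.dumps({"Statement": [{
    "Sid": "AllowCWToInvokeLambdaFunction", "Effect": "Allow",
    "Principal": {"Service": "logs.amazonaws.com"},
    "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN,
    "Condition": {"ArnLike": {"AWS:SourceArn":
        "arn:aws:logs:us-east-1:111122223333:log-group:/app/orders:*"}}}]})})

def as_list(value):
    return value if isinstance(value, list) else [value]

def logs_statements(get_policy_output):
    """Return (Sid, [SourceArn patterns]) for statements that let CloudWatch Logs invoke."""
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    found = []
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") != "Allow" or "logs.amazonaws.com" not in services
                or "lambda:InvokeFunction" not in as_list(st.get("Action", []))):
            continue
        patterns = [p for op in ("ArnLike", "ArnEquals")
                    for key, val in st.get("Condition", {}).get(op, {}).items()
                    if key.lower() == "aws:sourcearn" for p in as_list(val)]
        found.append((st.get("Sid", ""), patterns))  # no patterns = not scoped by SourceArn
    return found

def reconcile(filters_output, get_policy_output, function_arn):
    """Map each filter that targets function_arn to the covering Sid, or None."""
    statements = logs_statements(get_policy_output)
    region, account = function_arn.split(":")[3:5]  # assumes same-account log groups
    result = {}
    for flt in json.loads(filters_output)["subscriptionFilters"]:
        if flt["destinationArn"] != function_arn:
            continue
        group_arn = f"arn:aws:logs:{region}:{account}:log-group:{flt['logGroupName']}:*"
        # fnmatchcase approximates IAM ArnLike wildcard matching.
        result[flt["filterName"]] = next(
            (sid for sid, pats in statements
             if not pats or any(fnmatchcase(group_arn, p) for p in pats)), None)
    return result

if __name__ == "__main__":
    print(reconcile(FILTERS_JSON, POLICY_JSON, FUNCTION_ARN))
```

A filter mapped to `None` has no matching `logs.amazonaws.com` statement in the policy supplied; a statement returned with an empty pattern list is one that is not restricted by `--source-arn`.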
