I have a lambda function to process some cloudwatch logs and am trying to create a subscription filter but keep running into this error:
An error occurred (InvalidParameterException) when calling the PutSubscriptionFilter operation: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.
I have granted permissions as per the docs here with the command below: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html
aws lambda add-permission --function-name <log processing lambda> --statement-id <id> --principal "logs.eu-west-1.amazonaws.com" --action "lambda:InvokeFunction" --source-arn "arn:aws:logs:eu-west-1: <acc no>:log-group:/aws/lambda/<function producing logs>" --source-account <acc no>
The permissions policy seems to have been created but the lambda isn't being triggered by log events...
aws lambda get-policy --function-name <log processing lambda> --output text
{"Version":"2012-10-17","Id":"default","Statement":[{"Sid":"<log processing lambda>","Effect":"Allow","Principal":{"Service":"logs.eu-west-1.amazonaws.com"},"Action":"lambda:InvokeFunction","Resource":"arn:aws:lambda:eu-west-1:<acc no>:function:<log processing lambda>","Condition":{"StringEquals":{"AWS:SourceAccount":"<acc no>"},"ArnLike":{"AWS:SourceArn":"arn:aws:logs:eu-west-1:<acc no>:log-group:/aws/lambda/<function producing logs>"}}}]} <string>
Is there anything else that could be causing this error?
Edited by: tara on Sep 30, 2019 4:29 AM
Edited by: tara on Sep 30, 2019 4:32 AM
AWS OFFICIALUpdated a year ago
