By using AWS re:Post, you agree to the Terms of Use

Cloudwatch logs subscription error

0

I have a lambda function to process some cloudwatch logs and am trying to create a subscription filter but keep running into this error:

An error occurred (InvalidParameterException) when calling the PutSubscriptionFilter operation: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.

I have granted permissions as per the docs here with the command below: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html

aws lambda add-permission --function-name <log processing lambda> --statement-id <id> --principal "logs.eu-west-1.amazonaws.com" --action "lambda:InvokeFunction" --source-arn "arn:aws:logs:eu-west-1: <acc no>:log-group:/aws/lambda/<function producing logs>" --source-account <acc no>

The permissions policy seems to have been created but the lambda isn't being triggered by log events...

aws lambda get-policy --function-name <log processing lambda> --output text
{"Version":"2012-10-17","Id":"default","Statement":[{"Sid":"<log processing lambda>","Effect":"Allow","Principal":{"Service":"logs.eu-west-1.amazonaws.com"},"Action":"lambda:InvokeFunction","Resource":"arn:aws:lambda:eu-west-1:<acc no>:function:<log processing lambda>","Condition":{"StringEquals":{"AWS:SourceAccount":"<acc no>"},"ArnLike":{"AWS:SourceArn":"arn:aws:logs:eu-west-1:<acc no>:log-group:/aws/lambda/<function producing logs>"}}}]}       <string>

Is there anything else that could be causing this error?

Edited by: tara on Sep 30, 2019 4:29 AM

Edited by: tara on Sep 30, 2019 4:32 AM

asked 3 years ago732 views
1 Answer
0

To process all logs in a loggroup you have to include :* on the end of the loggroup name:

aws lambda add-permission --function-name <log processing lambda> --statement-id <id> --principal "logs.eu-west-1.amazonaws.com" --action "lambda:InvokeFunction" --source-arn "arn:aws:logs:eu-west-1: <acc no>:log-group:/aws/lambda/<function producing logs>:*" --source-account <acc no>
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions