使用 AWS CDK 创建的 AWS Lambda@Edge 无法将日志发送至 CloudWatch

0

【以下的问题经过翻译处理】 我创建了一个简单的 Lambda@Edge 函数,如下所示。

'use strict';

exports.handler =  async function(event, context, callback) {
    const cf = event.Records[0].cf;
    console.log('Record: ', JSON.stringify(cf, null, 2));
    console.log('Context: ', JSON.stringify(context, null, 2));
    console.log('Request: ', JSON.stringify(cf.request, null, 2));
    callback(null, cf.request);
}

我使用 AWS CDKv2 experimental EdgeFunction 进行了部署,如下所示

const edgeFunction = new cloudfront.experimental.EdgeFunction(this, 'EdgeFunction', {
            runtime: Runtime.NODEJS_14_X,
            handler: 'index.handler',
            code: Code.fromAsset(path.join(__dirname, '../../../../lambda/ssr2')),
        });

我还将其设置为 Distribution (分配)的边缘函数

const distribution = new Distribution(this, 'Distribution', {
            defaultBehavior: {
                origin,
                cachePolicy: CachePolicy.CACHING_DISABLED,
                viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
                edgeLambdas: [
                    {
                        functionVersion: edgeFunction.currentVersion,
                        eventType: LambdaEdgeEventType.VIEWER_REQUEST,
                    }
                ]
            },

但当我尝试向 Distribution 发送请求时,日志却没有显示任何内容。

我检查了权限,该角色已经拥有权限

Allow: logs:CreateLogGroup
Allow: logs:CreateLogStream
Allow: logs:PutLogEvents

我希望将该函数日志写入 CloudWatch。我哪里做错了?

更新 1

以下是角色文件:

{
    "sdkResponseMetadata": null,
    "sdkHttpMetadata": null,
    "partial": false,
    "permissionsBoundary": null,
    "policies": [
      {
        "arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
        "document": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": "*"
            }
          ]
        },
        "id": "ANPAJNCQGXC425412345",
        "name": "AWSLambdaBasicExecutionRole",
        "type": "managed"
      }
    ],
    "resources": {
      "logs": {
        "service": {
          "icon": "data:image/svg+xml;base64,PHN2ZyB2aWV3Qm94PSIwIDAgNjQgNjQiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CiAgPGcgdHJhbnNmb3JtPSJzY2FsZSguOCkiPgogICAgPGRlZnM+CiAgICAgIDxsaW5lYXJHcmFkaWVudCB4MT0iMCUiIHkxPSIxMDAlIiB4Mj0iMTAwJSIgeTI9IjAlIiBpZD0iYSI+CiAgICAgICAgPHN0b3Agc3RvcC1jb2xvcj0iI0IwMDg0RCIgb2Zmc2V0PSIwJSIvPgogICAgICAgIDxzdG9wIHN0b3AtY29sb3I9IiNGRjRGOEIiIG9mZnNldD0iMTAwJSIvPgogICAgICA8L2xpbmVhckdyYWRpZW50PgogICAgPC9kZWZzPgogICAgPGcgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4KICAgICAgPHBhdGggZD0iTTAgMGg4MHY4MEgweiIgZmlsbD0idXJsKCNhKSIvPgogICAgICA8cGF0aCBkPSJNNTUuMDYgNDYuNzc3YzAtMy45MDktMy4yMDItNy4wOS03LjEzOC03LjA5LTMuOTM1IDAtNy4xMzYgMy4xODEtNy4xMzYgNy4wOSAwIDMuOTEgMy4yIDcuMDkgNy4xMzYgNy4wOXM3LjEzNy0zLjE4IDcuMTM3LTcuMDltMi4wMSAwYzAgNS4wMTEtNC4xMDMgOS4wODctOS4xNDcgOS4wODctNS4wNDMgMC05LjE0Ny00LjA3Ni05LjE0Ny05LjA4NyAwLTUuMDEgNC4xMDQtOS4wODYgOS4xNDctOS4wODYgNS4wNDQgMCA5LjE0OCA0LjA3NiA5LjE0OCA5LjA4Nm04LjQ0IDEzLjY5N0w1OC41IDU0LjIwM2ExMy4wMzMgMTMuMDMzIDAgMDEtMS45NDcgMi4xNmw2Ljk5OCA2LjI3YTEuNDc0IDEuNDc0IDAgMDAyLjA2Ni0uMTA3IDEuNDUzIDEuNDUzIDAgMDAtLjEwOC0yLjA1Mm0tMTcuNTg4LTIuODEyYzYuMDQzIDAgMTAuOTU4LTQuODgzIDEwLjk1OC0xMC44ODVzLTQuOTE1LTEwLjg4NC0xMC45NTgtMTAuODg0Yy02LjA0MSAwLTEwLjk1NyA0Ljg4Mi0xMC45NTcgMTAuODg0IDAgNi4wMDIgNC45MTYgMTAuODg1IDEwLjk1NyAxMC44ODVtMTkuMTkgNi4yQTMuNDgzIDMuNDgzIDAgMDE2NC41MjkgNjVhMy40NzUgMy40NzUgMCAwMS0yLjMyMi0uODgzTDU0LjkzMSA1Ny42YTEyLjkzNSAxMi45MzUgMCAwMS03LjAwOSAyLjA2Yy03LjE1IDAtMTIuOTY3LTUuNzc5LTEyLjk2Ny0xMi44ODIgMC03LjEwMiA1LjgxNy0xMi44ODEgMTIuOTY3LTEyLjg4MSA3LjE1MSAwIDEyLjk2OSA1Ljc3OSAxMi45NjkgMTIuODgxIDAgMi4wMzgtLjQ5MiAzLjk2LTEuMzQ0IDUuNjc0bDcuMzA5IDYuNTRhMy40NDQgMy40NDQgMCAwMS4yNTYgNC44NzJNMjEuMjggMjkuMzkzYzAgLjUxOS4wMzIgMS4wMzYuMDk0IDEuNTM2YS45OTQuOTk0IDAgMDEtLjgyMyAxLjEwNmMtMi40NzIuNjM0LTYuNTQgMi41NTMtNi41NCA4LjMxIDAgNC4zNDggMi40MTMgNi43NDggNC40MzkgNy45OTYuNjkxLjQzMyAxLjUxLjY2NCAyLjM3My42NzNsMTIuMTIyLjAxMS0uMDAyIDEuOTk3LTEyLjEzMS0uMDFjLTEuMjQ2LS4wMTQtMi40MjgtLjM1MS0zLjQyOC0uOTc3QzE1LjM3NyA0OC43OTcgMTIgNDUuODkgMTIgNDAuMzQ1YzAtNi42ODMgNC42LTkuMTUzIDcuMy0xMC4wMjYtLjAyLS4zMDctLjAzLS42MTctLjAzLS45MjYgMC01LjQ2IDMuNzI4LTExLjEyMyA4LjY3Mi0xMy4xNzEgNS43ODItMi40MDcgMTEuOTA4LTEuMjE0IDE2LjM4NCAzLjE4OSAxLjM4OCAxLjM2NCAyLjUyOSAzLjAyIDMuNDA0IDQuOTM3YTYuNTA5IDYuNTA5IDAgMDE0LjE1NC0xLjUwMmMzLjAwMiAwIDYuMzgyIDIuMjY0IDYuOTg0IDcuMjE1IDIuODEyLjY0NCA4Ljc1MyAyLjg5NCA4Ljc1MyAxMC4zNjIgMCAyLjk4MS0uOTQxIDUuNDQ0LTIuNzk4IDcuMzE5bC0xLjQzMy0xLjQwMWMxLjQ3My0xLjQ4OCAyLjIyLTMuNDc5IDIuMjItNS45MTggMC02LjUzMi01LjUwNC04LjE1Ny03Ljg3My04LjU1MWExLjAwMiAxLjAwMiAwIDAxLS44MjMtMS4xNTdjLS4zMjktNC4wNTUtMi43NTMtNS44NzItNS4wMy01Ljg3Mi0xLjQzNyAwLTIuNzg0LjY5NS0zLjY5NyAxLjkwN2ExLjAwNiAxLjAwNiAwIDAxLTEuNzUtLjI1OGMtLjgyMy0yLjI2Ni0yLjAxLTQuMTcxLTMuNTI1LTUuNjYxLTMuODgtMy44MTYtOS4xODQtNC44NS0xNC4xOTUtMi43NjYtNC4xNyAxLjcyNy03LjQzNyA2LjcwMi03LjQzNyAxMS4zMjgiIGZpbGw9IiNGRkYiLz4KICAgIDwvZz4KICA8L2c+Cjwvc3ZnPgo=",
          "name": "Amazon CloudWatch Logs"
        },
        "statements": [
          {
            "action": "logs:CreateLogGroup",
            "effect": "Allow",
            "resource": "*",
            "service": "logs",
            "source": {
              "index": "0",
              "policyName": "AWSLambdaBasicExecutionRole",
              "policyType": "managed"
            }
          },
          {
            "action": "logs:CreateLogStream",
            "effect": "Allow",
            "resource": "*",
            "service": "logs",
            "source": {
              "index": "0",
              "policyName": "AWSLambdaBasicExecutionRole",
              "policyType": "managed"
            }
          },
          {
            "action": "logs:PutLogEvents",
            "effect": "Allow",
            "resource": "*",
            "service": "logs",
            "source": {
              "index": "0",
              "policyName": "AWSLambdaBasicExecutionRole",
              "policyType": "managed"
            }
          }
        ]
      }
    },
    "roleName": "MyProject-EdgeFunctionFnServiceRoleC7B72E4-1DV3AZXP558ZS",
    "trustedEntities": [
      "lambda.amazonaws.com",
      "edgelambda.amazonaws.com"
    ]
  }

我刚刚尝试了使用 Lambda 面板中的测试。所有测试都将日志发送到 CloudWatch。但是,当我向 CloudFront 发送请求时,它没有发送任何内容。

更新 2 我刚从 StackOverflows 发现,日志不是集中存储的,而是分布在各个区域的。如下所示

/aws/lambda/us-east-1.MyProject-EdgeFunctionFn44308ADF-loJeFwXXzTOm

因此,我需要在 CloudFront 面板中打开它,而不是从 Lambda 面板中打开它。我在任何 AWS 文档中都没有找到相关信息。

参考

https://aws.amazon.com/id/blogs/networking-and-content-delivery/aggregating-lambdaedge-logs/

<https://stackoverflow.com/questions/66949758/serverless-aws-lambdaedge-how-to-debug#:~:text=Go%20to%20CloudWatch%20and%20search,%2D%3E%20Lambda%40Edge%20Errors %20>。

profile picture
专家
已提问 5 个月前44 查看次数
1 回答
0

【以下的回答经过翻译处理】 我以前在使用 Lambda@Edge 日志时也遇到过这个问题。日志会打印到用于接收内容的任何区域的 CloudWatch 日志组中。由于 Lambda@Edge 在所有使用的边缘位置进行复制,因此虽然您处理的是一个 Lambda 函数,但实际上您正在处理多达几十个 Lambda@Edge 函数。因此,请查看所有靠近您所在位置的区域中的 CloudWatch 日志组,查找边缘 Lambda 的日志组。

要在 CloudFront 面板中找到该选项,请访问 Telemetry->Monitoring,选择 Lambda@Edge 选项卡,选择相应的 lambda 版本,然后在右上角会出现一个名为 View Function Logs(查看函数日志)的下拉菜单,在那里您可以看到所有提供日志的区域。

profile picture
专家
已回答 5 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则