Cloudwatch Sumo Logger

Lambda logger

Terraforming the setup

Terraform the CloudWatch log publisher

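# Log-forwarding Lambda. It is invoked by CloudWatch Logs subscription filters (see the
# aws_lambda_permission / aws_cloudwatch_log_subscription_filter resources below) and
# ships the events to the Sumo Logic HTTP source given in SUMO_ENDPOINT.
resource "aws_lambda_function" "sumo_logging_lambda" {
  function_name = "${var.env_name}-sumo-logging-lambda"

  # Deployment artifact is built and uploaded separately (see "Build and deploy Lambda").
  s3_bucket = "${var.env_name}-<bucket_name>"
  s3_key    = "lambda-logger/deployment.zip"
  handler   = "main"
  # NOTE(review): the go1.x runtime has reached end of support on AWS; new deployments
  # should target a provided.al2/provided.al2023 runtime with a "bootstrap" binary.
  # Confirm against the provider version in use before changing it.
  runtime = "go1.x"

  # Numbers, not strings: both are accepted, but numeric literals avoid spurious
  # plan diffs in provider versions that normalise the value.
  memory_size = 512
  timeout     = 180

  # Use the role defined in this same configuration instead of a pasted ARN, so the
  # policy attachment below is the single source of truth for what the function may do.
  role = aws_iam_role.lambda_logging_iam_role.arn

  # Lambda creates ENIs for vpc_config at function-creation time using this role, so the
  # ec2:* permissions must already be attached; without this ordering the first apply can
  # fail on the VPC configuration.
  depends_on = [aws_iam_role_policy_attachment.lambda_logging_iam_role_policy_attachment]

  vpc_config {
    subnet_ids         = <subnet_ids>
    security_group_ids = [aws_security_group.lambda_logging_security_group.id]
  }

  environment {
    variables = {
      # A Sumo Logic HTTP-source URL is effectively a bearer credential: anyone who has
      # it can post into the collector. Lambda environment variables are readable by any
      # principal with lambda:GetFunctionConfiguration, so declare var.sumo_endpoint with
      # sensitive = true and consider resolving it from SSM Parameter Store / Secrets
      # Manager at runtime instead of baking it into the function configuration.
      SUMO_ENDPOINT = var.sumo_endpoint
    }
  }
}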
# Security group attached to the forwarder's ENIs. NOTE(review): a group managed by
# this resource with no inline rules has AWS's default allow-all egress removed, so the
# function has no network path at all until the egress rule below is attached to it.
resource "aws_security_group" "lambda_logging_security_group" {
  name   = "${var.env_name}-<security_group_name>"
  vpc_id = var.vpc_id
}
# Outbound HTTPS only — the single thing the forwarder needs in order to reach the
# Sumo Logic HTTP source. No ingress rule exists, so nothing can connect to the ENIs.
#
# The 0.0.0.0/0 destination means the function may reach ANY HTTPS endpoint, not just
# Sumo Logic. If the VPC's routing allows it, narrow cidr_blocks to the collector's
# published ranges or send traffic through an egress proxy / network firewall so a
# compromised function (or a malicious log payload) has fewer exfiltration paths.
resource "aws_security_group_rule" "lambda_logging_egress_rule" {
  security_group_id = aws_security_group.lambda_logging_security_group.id
  type              = "egress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"]
}
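# Execution role for the forwarder. Only the Lambda service principal may assume it.
resource "aws_iam_role" "lambda_logging_iam_role" {
  name = "${var.env_name}-lambda-logging-iam-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Principal = { Service = "lambda.amazonaws.com" }
        Action    = "sts:AssumeRole"
      }
    ]
  })
}

# Permissions the execution role needs, reduced to what a VPC-attached log forwarder
# actually does: write its own CloudWatch logs and manage the ENIs Lambda creates for
# vpc_config.
#
# The previous version also granted lambda:CreateFunction, lambda:InvokeAsync and
# lambda:InvokeFunction on "*". Nothing in this configuration requires them: CloudWatch
# Logs invokes the forwarder through the resource-based policy in aws_lambda_permission,
# not through this role. Leaving them in lets a compromised forwarder create or invoke
# any function in the account, which is far more blast radius than a log shipper needs.
# If the Go handler really does call other functions, add a statement scoped to those
# function ARNs only.
data "aws_iam_policy_document" "lambda_logging_iam_policy_document" {
  # Equivalent of the AWSLambdaBasicExecutionRole managed policy. The function's own log
  # group does not exist until first invocation, hence "*".
  statement {
    sid    = "AllowCloudWatchLogs"
    effect = "Allow"
    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]
    resources = ["*"]
  }

  # Equivalent of the AWSLambdaVPCAccessExecutionRole managed policy, which AWS itself
  # publishes with "*" (ec2:Describe* does not support resource-level restriction).
  statement {
    sid    = "AllowVpcNetworkInterfaces"
    effect = "Allow"
    actions = [
      "ec2:CreateNetworkInterface",
      "ec2:DescribeNetworkInterfaces",
      "ec2:DeleteNetworkInterface",
    ]
    resources = ["*"]
  }
}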
# Customer-managed policy rendered from the policy document above, named per environment.
resource "aws_iam_policy" "lambda_logging_iam_policy" {
  policy = data.aws_iam_policy_document.lambda_logging_iam_policy_document.json
  name   = format("%s_lambda_logging_iam_policy", var.env_name)
}
# Bind the policy to the execution role. A separate attachment (rather than an inline
# aws_iam_role_policy) keeps the policy itself reviewable and reusable on its own.
resource "aws_iam_role_policy_attachment" "lambda_logging_iam_role_policy_attachment" {
  policy_arn = aws_iam_policy.lambda_logging_iam_policy.arn
  role       = aws_iam_role.lambda_logging_iam_role.name
}
# Log group whose events are forwarded to Sumo Logic (presumably the "rating" Lambda's,
# given the /aws/lambda/ prefix). No retention_in_days is set, so CloudWatch keeps these
# logs until someone deletes them; once they are shipped to Sumo Logic, consider a
# retention period to bound both cost and the window of data exposure in AWS.
resource "aws_cloudwatch_log_group" "lambda_rating_cloudwatch_log_group" {
  name = format("/aws/lambda/%s-rating", var.env_name)
}
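# Resource-based policy that lets the CloudWatch Logs service invoke the forwarder, and
# only for events originating from this one log group (source_arn). This — not the
# execution role — is what authorises the subscription filter below to call the function;
# keep source_arn set so other log groups in the account cannot be pointed at it.
resource "aws_lambda_permission" "lambda_sumo_rating_trigger" {
  statement_id  = "lambda-sumo-rating-trigger"
  action        = "lambda:InvokeFunction"
  function_name = var.sumo_logging_lambda_arn
  principal     = "logs.amazonaws.com"
  # The log group is a single resource (no count/for_each), so indexing it with
  # count.index was invalid — and count.index is undefined here anyway because this
  # resource has no count either.
  # NOTE(review): newer AWS provider versions return the log-group ARN without the
  # trailing ":*"; if invocations are denied, use "${...lambda_rating_cloudwatch_log_group.arn}:*".
  source_arn = aws_cloudwatch_log_group.lambda_rating_cloudwatch_log_group.arn
}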
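# Stream events from the rating log group to the forwarder. The explicit depends_on
# ensures the invoke permission exists before the filter is created; otherwise
# CloudWatch Logs typically rejects the destination with a "could not execute the
# lambda function" error.
resource "aws_cloudwatch_log_subscription_filter" "lambda_sumo_rating_subscription" {
  name            = "lambda-sumo-rating-subscription"
  # Single resource, no count/for_each: the previous [count.index] index was invalid.
  log_group_name  = aws_cloudwatch_log_group.lambda_rating_cloudwatch_log_group.name
  destination_arn = var.sumo_logging_lambda_arn
  # filter_pattern is a required argument of this resource; the original omitted it.
  # An empty pattern forwards every event — tighten it (e.g. to error lines only) if
  # only part of the stream should leave AWS for a third-party SaaS.
  filter_pattern = ""

  depends_on = [aws_lambda_permission.lambda_sumo_rating_trigger]
}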

The Lambda function

Error: module.lambda.aws_lambda_function.lambda_sumo_logging: expected runtime to be one of 
[dotnetcore1.0 dotnetcore2.0 dotnetcore2.1 go1.x java8 nodejs4.3 nodejs4.3-edge nodejs6.10 nodejs8.10 provided python2.7 python3.6 python3.7 ruby2.5],
got nodejs12.x

Build and deploy Lambda
