
AWS为Lambda创建云信息日志警报


    所有 Lambda 都是使用 CloudFormation 脚本创建的，因此我正在寻找一个能在 CloudWatch 日志上配置警报的 CloudFormation 模板。我找不到好的/有效的示例。下面是示例代码。

    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "AWS CloudTrail API Activity Alarm Template for CloudWatch Logs",
      "Parameters" : {
          "LogGroupName" : {
              "Type" : "String",
              "Default" : "CloudTrail/DefaultLogGroup",
              "Description" : "Enter CloudWatch Logs log group name. Default is CloudTrail/DefaultLogGroup"
          },
          "Email" : {
              "Type" : "String",
              "Description" : "Email address to notify when an API activity has triggered an alarm"
          }
      },
      "Resources" : {
        "SecurityGroupChangesAlarm": {
          "Type": "AWS::CloudWatch::Alarm",
          "Properties": {
              "AlarmName" : "CloudTrailSecurityGroupChanges",
              "AlarmDescription" : "Alarms when an API call is made to create, update or delete a Security Group.",
              "AlarmActions" : [{ "Ref" : "AlarmNotificationTopic" }],
              "MetricName" : "SecurityGroupEventCount",
              "Namespace" : "CloudTrailMetrics",
              "ComparisonOperator" : "GreaterThanOrEqualToThreshold",
              "EvaluationPeriods" : "1",
              "Period" : "300",
              "Statistic" : "Sum",
              "Threshold" : "1"
          }
        },
    
        "AlarmNotificationTopic": {
          "Type": "AWS::SNS::Topic",
          "Properties": {
              "Subscription": [
                  {
                      "Endpoint": { "Ref": "Email" },
                      "Protocol": "email"
                  }
              ]
          }
        }
      }
    }
    

    下面是我用 YAML 编写的 CloudFormation 模板：

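    # Lambda function that is invoked for every event matching FilterPattern in
    # the monitored log group. The parameters referenced below (LogGroupName,
    # S3BucketName, ZipFile, SMTPServer, SMTPPort, FromEmail, ToEmail,
    # SecurityGroupId, SubnetIds) are declared in the template's Parameters
    # section, which is not shown here.
    Resources:
      # Execution role: CloudWatch Logs write access plus the ENI permissions a
      # VPC-attached function needs.
      LambdaExecutionRole:
        Type: AWS::IAM::Role
        Properties:
          RoleName: !Sub '${AWS::StackName}-LambdaExecutionRole'
          Path: '/'
          AssumeRolePolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                    - lambda.amazonaws.com
                Action:
                  - sts:AssumeRole
          Policies:
            - PolicyName: AllowLambdaAccess
              PolicyDocument:
                Version: '2012-10-17'
                Statement:
                  # Scoped to Lambda log groups in this account/region rather
                  # than "*". Narrow further to this function's own group
                  # (/aws/lambda/${AWS::StackName}-LambdaFunction) if policy
                  # requires it.
                  - Effect: Allow
                    Action:
                      - logs:CreateLogGroup
                      - logs:CreateLogStream
                      - logs:PutLogEvents
                    Resource: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*'
                  # Kept as "*": the ENIs Lambda creates for VPC access do not
                  # exist when this policy is written, so they cannot be named.
                  - Effect: Allow
                    Action:
                      - ec2:DescribeNetworkInterfaces
                      - ec2:CreateNetworkInterface
                      - ec2:DeleteNetworkInterface
                    Resource: '*'

      # Subscription filter: forwards matching events from the monitored log
      # group to the function. The invoke permission must exist first, or the
      # filter creation fails, hence the explicit DependsOn.
      SubscriptionFilter:
        Type: AWS::Logs::SubscriptionFilter
        DependsOn: LambdaInvokePermission
        Properties:
          LogGroupName: !Sub '/aws/lambda/${LogGroupName}'
          FilterPattern: 'Exception'
          DestinationArn: !GetAtt LambdaFunction.Arn

      # !GetAtt on the role already orders creation after LambdaExecutionRole,
      # so no DependsOn is needed here.
      LambdaFunction:
        Type: AWS::Lambda::Function
        Properties:
          FunctionName: !Sub '${AWS::StackName}-LambdaFunction'
          Description: Monitor Lambda Function
          Handler: index.handler
          # Confirm this runtime is still supported before deploying; Lambda
          # retires old Node.js runtimes.
          Runtime: nodejs6.10
          MemorySize: 1536
          Timeout: 300
          Role: !GetAtt LambdaExecutionRole.Arn
          Code:
            S3Bucket: !Ref S3BucketName
            S3Key: !Ref ZipFile
          # Environment variables are stored in plain text; keep SMTP
          # credentials out of them.
          Environment:
            Variables:
              SMTP_SERVER: !Ref SMTPServer
              SMTP_PORT: !Ref SMTPPort
              EMAIL_FROM: !Ref FromEmail
              EMAIL_TO: !Ref ToEmail
          # Both parameters are comma-separated lists of IDs.
          VpcConfig:
            SecurityGroupIds: !Split [',', !Ref SecurityGroupId]
            SubnetIds: !Split [',', !Ref SubnetIds]

      # Lets the regional CloudWatch Logs service principal invoke the
      # function, but only on behalf of the monitored log group: the source
      # ARN ends in "<group>:*" rather than "<group>*", which would also have
      # matched any other log group sharing the same name prefix.
      LambdaInvokePermission:
        Type: AWS::Lambda::Permission
        Properties:
          FunctionName: !Ref LambdaFunction
          Action: lambda:InvokeFunction
          Principal: !Sub 'logs.${AWS::Region}.amazonaws.com'
          SourceArn: !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${LogGroupName}:*'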