CloudWatch log subscription from Lambda doesn't show in the AWS Console UI, if created via CLI


If I have a Lambda that's set up to ingest CloudWatch logs from a particular log group, I can add a trigger via the UI and it will be listed along with that Lambda under "Configuration" > "Triggers". It will also be listed if I go to the log group itself in CloudWatch and select "Subscription filters".

However, I can accomplish much the same thing via the CLI by doing the following:

aws logs put-subscription-filter --log-group-name [whatever-the-name-is] --filter-name [a-name-for-the-subscription] --filter-pattern "" --destination-arn "arn:aws:lambda:[region]:[id]:[the-lambda-in-question]" --distribution ByLogStream

If I do this it will show up as a "Subscription filter" for the log group, but not as a "Trigger" for the Lambda. It still works the same way, though.

  • I just noticed the same thing and stumbled on this while looking for an answer. Would be nice to get a response!

1 Answer

Hi there

Here are the steps to configure an Amazon CloudWatch subscription filter to invoke an AWS Lambda Function:

  1. You will need to grant CloudWatch Logs permission to invoke the Lambda Function using the "AddPermission" API:

********** CLI Command **********

aws lambda add-permission \
--function-name "FunctionName" \
--statement-id "AllowCWToInvokeLambdaFunction" \
--principal "logs.amazonaws.com" \
--action "lambda:InvokeFunction" \
--source-arn "arn:aws:logs:region:AccountID:log-group:YourLogGroup:*" \
--source-account "AccountID"

********** CLI Command **********

---> Replace "FunctionName" with the name of your Lambda Function.
---> Replace "AccountID" with your AWS Account ID.
---> Replace "YourLogGroup" with the name of your CloudWatch Log Group.

  2. Create a Subscription Filter using the "PutSubscriptionFilter" API to send Log Events that contain a keyword. In the below example, the keyword "ERROR" is being used:

********** CLI Command **********

aws logs put-subscription-filter \
--log-group-name YourLogGroup \
--filter-name demo \
--filter-pattern "ERROR" \
--destination-arn arn:aws:lambda:region:AccountID:function:FunctionName

********** CLI Command **********

---> Replace "FunctionName" with the name of your Lambda Function.
---> Replace "AccountID" with your AWS Account ID.
---> Replace "YourLogGroup" with the name of your CloudWatch Log Group.

The CloudWatch Log Group "YourLogGroup" will invoke the Lambda Function when it receives a Log Event with the "ERROR" keyword.

References: [1]

answered 1 year ago
  • Yeah, that's what I did. And it does work. I'm just pointing out that it has different visibility than I was expecting, because if I do it via the UI it shows up both as a "Subscription filter" for the log group and as a "Trigger" for the Lambda, but if I do it via the CLI it doesn't show up as a "Trigger", only a "Subscription filter".
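
Added example, not part of the thread and not AWS tooling: since a filter created with the CLI is listed under the log group but not under the function's "Triggers", this audits from the log-group side, checking each subscription filter that targets a function against the `add-permission` statement from step 1 and whether that statement is scoped by source ARN and source account. The account ID, region and JSON samples are constructed, `fnmatchcase` stands in for `ArnLike` wildcard matching, and the log group is assumed to be in the function's own account and region.

```python
import json
from fnmatch import fnmatchcase

FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:FunctionName"
# Constructed sample in the shape of `aws logs describe-subscription-filters` output.
FILTERS = {"subscriptionFilters": [
    {"filterName": "demo", "logGroupName": "YourLogGroup", "destinationArn": FN_ARN},
    {"filterName": "all-events", "logGroupName": "OtherLogGroup", "destinationArn": FN_ARN},
]}
# Constructed sample in the shape of `aws lambda get-policy` output (Policy is a JSON string).
GET_POLICY = {"Policy": json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowCWToInvokeLambdaFunction", "Effect": "Allow",
    "Principal": {"Service": "logs.amazonaws.com"},
    "Action": "lambda:InvokeFunction", "Resource": FN_ARN,
    "Condition": {"StringEquals": {"AWS:SourceAccount": "111122223333"}, "ArnLike": {
        "AWS:SourceArn": "arn:aws:logs:us-east-1:111122223333:log-group:YourLogGroup:*"}}}]})}

def _cond(stmt, key):
    """Look up a condition value by key, ignoring the operator and key case."""
    for operands in stmt.get("Condition", {}).values():
        for k, v in operands.items():
            if k.lower() == key.lower():
                return v[0] if isinstance(v, list) else v
    return None

def _is_logs_allow(stmt):
    """True for Allow statements whose service principal is CloudWatch Logs."""
    p = stmt.get("Principal")
    svc = p.get("Service", []) if isinstance(p, dict) else []
    svc = [svc] if isinstance(svc, str) else svc
    return stmt.get("Effect") == "Allow" and any(s.startswith("logs.") for s in svc)

def audit(filters, get_policy, function_arn):
    """Map each filter that targets function_arn to the state of its invoke permission."""
    stmts = [s for s in json.loads(get_policy["Policy"])["Statement"] if _is_logs_allow(s)]
    region, account = function_arn.split(":")[3:5]  # assumes a same-account log group
    report = {}
    for f in filters["subscriptionFilters"]:
        if f["destinationArn"] != function_arn:
            continue
        group_arn = f"arn:aws:logs:{region}:{account}:log-group:{f['logGroupName']}:*"
        pairs = [(_cond(s, "aws:SourceArn"), _cond(s, "aws:SourceAccount")) for s in stmts]
        hits = [(a, acct) for a, acct in pairs if a is None or fnmatchcase(group_arn, a)]
        report[f["filterName"]] = (
            "no-matching-permission" if not hits else
            "unscoped-permission" if any(a is None for a, _ in hits) else
            "no-source-account" if not all(acct for _, acct in hits) else
            "scoped")
    return report
```

Feed it the real JSON from the two commands named in the comments; anything other than `scoped` is worth a look, since an unscoped statement lets any log group invoke the function.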


