Lambda CloudWatch trigger for Logzio in Terraform

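I was able to create a CloudWatch Logs trigger in the Designer section of the Lambda dashboard by following these instructions. Everything works as expected. However, I'm having a lot of trouble setting this up in Terraform.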

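I'm trying to subscribe the logzio cloudwatch shipper lambda function to a specific function's log group. However, whenever I reference the log group of the function I want to subscribe to, I get the following error when running the terraform apply command: The log group provided is reserved for the function logs of the destination function.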

resource "aws_cloudwatch_log_subscription_filter" "test_lambdafunction_logfilter" {
  name            = "example"
  log_group_name  = aws_cloudwatch_log_group.example.name
  filter_pattern  = ""
  destination_arn = aws_lambda_function.example.arn

  depends_on      = [aws_lambda_permission.example_cloudwatch]
}

What exactly am I doing wrong?

Answer 1

# Look up the existing log group to forward.
data "aws_cloudwatch_log_group" "apigw_cloudwatch" {
  name = "API-Gateway-Logs"
}

# Allow CloudWatch Logs to invoke the forwarder Lambda for that log group.
resource "aws_lambda_permission" "allow_cloudwatch_for_apigw" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.log_forwarder_lambda.arn
  principal     = "logs.${var.region}.amazonaws.com"
  source_arn    = data.aws_cloudwatch_log_group.apigw_cloudwatch.arn
}

# Subscribe the forwarder to the log group; the permission must exist first.
resource "aws_cloudwatch_log_subscription_filter" "apiqw_log_filter_cloudwatch_trigger" {
  depends_on      = [aws_lambda_permission.allow_cloudwatch_for_apigw]
  name            = "apiGW"
  log_group_name  = data.aws_cloudwatch_log_group.apigw_cloudwatch.name
  filter_pattern  = ""
  destination_arn = aws_lambda_function.log_forwarder_lambda.arn
  distribution    = "ByLogStream"
}
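
Added example, not part of the question or the answer above: CloudWatch Logs returns the error quoted in the question when log_group_name is the destination function's own log group, so the filter has to sit on the source function's log group instead. All resource names are hypothetical; aws_lambda_function.shipper, aws_lambda_function.app and var.region are assumed to be declared elsewhere, and an AWS provider version whose log group arn has no trailing ":*" is assumed.

```hcl
# Added example. aws_lambda_function.shipper is the Logz.io shipper,
# aws_lambda_function.app is the function whose logs are shipped
# (both hypothetical, declared elsewhere, as is var.region).

# Log group of the SOURCE function. Lambda writes a function's logs to
# /aws/lambda/<function name>. If Lambda already created this group,
# import it into state instead of creating it.
resource "aws_cloudwatch_log_group" "app" {
  name = "/aws/lambda/${aws_lambda_function.app.function_name}"
}

# Let CloudWatch Logs invoke the shipper, scoped to this one log group.
# Assumption: the provider's arn attribute has no ":*" suffix, so it is
# appended here to cover the group's log streams.
resource "aws_lambda_permission" "app_logs_to_shipper" {
  statement_id  = "AllowAppLogGroupInvoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.shipper.function_name
  principal     = "logs.${var.region}.amazonaws.com"
  source_arn    = "${aws_cloudwatch_log_group.app.arn}:*"
}

# Source log group -> shipper. The permission must exist before the filter.
resource "aws_cloudwatch_log_subscription_filter" "app_to_shipper" {
  name            = "app-to-logzio"
  log_group_name  = aws_cloudwatch_log_group.app.name
  filter_pattern  = "" # empty pattern forwards every event
  destination_arn = aws_lambda_function.shipper.arn

  depends_on = [aws_lambda_permission.app_logs_to_shipper]
}

# Rejected with the error from the question: the log group below is the
# shipper's OWN log group, so the shipper would be invoked by its own output.
# resource "aws_cloudwatch_log_subscription_filter" "self" {
#   name            = "self"
#   log_group_name  = "/aws/lambda/${aws_lambda_function.shipper.function_name}"
#   filter_pattern  = ""
#   destination_arn = aws_lambda_function.shipper.arn
# }
```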
