`terraform-aws-sns-to-cloudwatch-logs-lambda` is a Terraform module to provision a Lambda Function which routes SNS messages to CloudWatch Logs.

Exception: if using `var.aws_region` to specify deployment region, use `version = "2.0.1"`, until you can switch to provider aliases and explicit provider passing.

This Module allows simple and rapid deployment:
- Creates Lambda function, Lambda Layer, IAM Policies, Triggers, and Subscriptions
- Creates (or uses existing) SNS Topic, CloudWatch Log Group and Log Group Stream
- Options:
  - Create CloudWatch Event to prevent Function hibernation
  - Set Log Group retention period
- Python function editable in repository and in Lambda UI
  - Python dependencies packaged in Lambda Layers zip
- Optionally create custom Lambda Layer zip using build-lambda-layer-python
  - Enables adding/changing dependencies
  - Enables compiling for different versions of Python
- Breaking Changes in `3.0.0`
  - Required to enable new Terraform 0.13 module arguments `for_each`, `count`, and `depends_on`
  - The module's internal AWS `provider` block has been removed
  - `var.aws_region` has been removed and can't be used to set a target region
    - By default, modules inherit the `region` of the calling module's Provider
    - To specify alternate regions, use provider aliases and explicit provider passing
  - Additional information on module considerations can be found in the docs for Provider Configuration in Modules with 0.13

This Lambda Function forwards subject & body of SNS messages to CloudWatch Log Group Stream:
- Enhances the value of CloudWatch Logs by enabling easy entry creation from any service, function and script that can send SNS notifications
- Enables cloud-init, bootstraps and functions to easily write log entries to a centralized CloudWatch Log
- Simplifies troubleshooting of solutions with decentralized logic
  - Scripts and functions spread across instances, Lambda and services
- Easily add instrumentation to scripts: `aws sns publish --topic-arn "$TOPIC_ARN" --message "$LOG_ENTRY"`
  - Use with IAM instance policy requires `--region "$AWS_REGION"` parameter

```hcl
module "sns_logger" {
  source  = "robertpeteuil/sns-to-cloudwatch-logs-lambda/aws"
  version = "3.0.1" # Use with Terraform >= 0.12 (including 0.13)
  # version = "1.0.1"   # Latest version for Terraform <= 0.11

  sns_topic_name  = "projectx-logging"
  log_group_name  = "projectx"
  log_stream_name = "script-logs"
}
```

NOTE: Make sure you are using version pinning to avoid unexpected changes when the module is updated.
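
The provider-alias change from the 3.0.0 notes and the `aws sns publish` usage above, combined in one configuration. This is an added example, not part of the module's own documentation; the regions, the `logging` alias, the `instance_role_name` variable, the 30-day retention and the policy name are assumptions.

```hcl
provider "aws" {
  region = "us-east-1" # default region of the calling module (assumed)
}

provider "aws" {
  alias  = "logging"
  region = "eu-west-1" # alternate region for the logger (assumed)
}

# Hypothetical input: an existing IAM role attached to the instances
# whose scripts publish log entries to the topic.
variable "instance_role_name" {
  type        = string
  description = "Name of the existing instance role that publishes log entries"
}

module "sns_logger" {
  source  = "robertpeteuil/sns-to-cloudwatch-logs-lambda/aws"
  version = "3.0.1"

  # Explicit provider passing replaces the removed var.aws_region:
  # everything the module creates lands in the aliased provider's region.
  providers = {
    aws = aws.logging
  }

  sns_topic_name           = "projectx-logging"
  log_group_name           = "projectx"
  log_stream_name          = "script-logs"
  log_group_retention_days = 30 # assumed; the default 0 retains forever
}

# Least privilege for publishers: only sns:Publish, only on this one topic.
data "aws_iam_policy_document" "publish_log_entries" {
  statement {
    effect    = "Allow"
    actions   = ["sns:Publish"]
    resources = [module.sns_logger.sns_topic_arn]
  }
}

# IAM is global, so the default (non-aliased) provider is fine here.
resource "aws_iam_role_policy" "publish_log_entries" {
  name   = "publish-log-entries"
  role   = var.instance_role_name
  policy = data.aws_iam_policy_document.publish_log_entries.json
}
```

Scripts running under that role then pass the topic's region (`eu-west-1` here) as `--region` to `aws sns publish`.
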
Name | Description | Type | Default | Required |
---|---|---|---|---|
sns_topic_name | Name of SNS Topic to be logged by Gateway | string | - | yes |
log_group_name | Name of CloudWatch Log Group | string | - | yes |
log_stream_name | Name of CloudWatch Log Stream | string | - | yes |
Name | Description | Type | Default | Required |
---|---|---|---|---|
create_sns_topic | Create new SNS topic | string | true | no |
create_log_group | Create new log group | string | true | no |
create_log_stream | Create new log stream | string | true | no |
log_group_retention_days | Log Group retention (days) | string | 0 (forever) | no |
lambda_func_name | Name for Lambda Function | string | dynamically calculated | no |
lambda_description | Lambda Function Description | string | Route SNS messages to CloudWatch Logs | no |
lambda_tags | Mapping of Tags to assign to Lambda function | map | {} | no |
lambda_publish_func | Publish Lambda Function | string | false | no |
lambda_runtime | Lambda runtime for Function | string | python3.8 | no |
lambda_timeout | Function time-out (seconds) | string | 3 | no |
lambda_mem_size | Function RAM assigned (MB) | string | 128 | no |
create_warmer_event | Create CloudWatch trigger event to prevent hibernation | string | false | no |
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 2.31 |
Name | Version |
---|---|
archive | n/a |
aws | >= 2.31 |
No modules.
Name | Type |
---|---|
aws_cloudwatch_event_rule.warmer | resource |
aws_cloudwatch_event_target.warmer | resource |
aws_cloudwatch_log_group.sns_logged_item_group | resource |
aws_cloudwatch_log_stream.sns_logged_item_stream | resource |
aws_iam_role.lambda_cloudwatch_logs | resource |
aws_iam_role_policy.lambda_cloudwatch_logs_polcy | resource |
aws_lambda_function.sns_cloudwatchlog | resource |
aws_lambda_layer_version.logging_base | resource |
aws_lambda_permission.sns_cloudwatchlog_multi | resource |
aws_lambda_permission.warmer_multi | resource |
aws_sns_topic.sns_log_topic | resource |
aws_sns_topic_subscription.lambda | resource |
archive_file.lambda_function | data source |
aws_cloudwatch_log_group.sns_logged_item_group | data source |
aws_iam_policy_document.lambda_cloudwatch_logs | data source |
aws_iam_policy_document.lambda_cloudwatch_logs_policy | data source |
aws_sns_topic.sns_log_topic | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
create_log_group | Boolean flag that determines if log group, 'log_group_name' is created. If 'false' it uses an existing group of that name. | bool | true | no |
create_log_stream | Boolean flag that determines if log stream, 'log_stream_name' is created. If 'false' it uses an existing stream of that name. | bool | true | no |
create_sns_topic | Boolean flag that determines if SNS topic, 'sns_topic_name' is created. If 'false' it uses an existing topic of that name. | bool | true | no |
create_warmer_event | Boolean flag that determines if a CloudWatch Trigger event is created to prevent Lambda function from suspending. | bool | false | no |
lambda_description | Description to assign to Lambda Function. | string | "" | no |
lambda_func_name | Name to assign to Lambda Function. | string | "SNStoCloudWatchLogs" | no |
lambda_mem_size | Amount of RAM (in MB) assigned to the function. The default (and minimum) is 128MB, and the maximum is 3008MB. | number | 128 | no |
lambda_publish_func | Boolean flag that determines if Lambda function is published as a version. | bool | false | no |
lambda_runtime | Lambda runtime to use for the function. | string | "python3.8" | no |
lambda_tags | A mapping of tags to assign to Lambda Function. | map | {} | no |
lambda_timeout | Number of seconds that the function can run before timing out. The AWS default is 3s and the maximum runtime is 5m | number | 3 | no |
log_group_name | Name of CloudWatch Log Group created or used (if previously created). | string | n/a | yes |
log_group_retention_days | Number of days to retain data in the log group (0 = always retain). | number | 0 | no |
log_stream_name | Name of CloudWatch Log Stream created or used (if previously created). If using an existing stream it must exist in the Log group specified in 'log_group_name'. | string | n/a | yes |
sns_topic_name | Name of SNS Topic logging to CloudWatch Log. | string | n/a | yes |
Name | Description |
---|---|
cloudwatch_event_rule_arn | ARN of CloudWatch Trigger Event created to prevent hibernation. |
lambda_arn | ARN of created Lambda Function. |
lambda_iam_role_arn | Lambda IAM Role ARN. |
lambda_iam_role_id | Lambda IAM Role ID. |
lambda_last_modified | The date Lambda Function was last modified. |
lambda_name | Name assigned to Lambda Function. |
lambda_version | Latest published version of Lambda Function. |
log_group_arn | ARN of CloudWatch Log Group. |
log_group_name | Name of CloudWatch Log Group. |
log_stream_arn | ARN of CloudWatch Log Stream. |
log_stream_name | Name of CloudWatch Log Stream. |
sns_topic_arn | ARN of SNS Topic logging to CloudWatch Log. |
sns_topic_name | Name of SNS Topic logging to CloudWatch Log. |