How can I configure a CloudWatch subscription filter to invoke my Lambda function?

2 minute read

I want to configure an Amazon CloudWatch subscription filter to invoke my AWS Lambda function.

Short description

With Amazon CloudWatch Logs, you can use a subscription filter that sends log data to your Lambda function. CloudWatch Logs subscription filters are base64 encoded and compressed with the GZIP format.

Before you create your Lambda function, calculate the volume of log data that will be generated. Be sure to create a function that can manage the volume amount. If the function doesn't have enough volume, then the log stream is throttled. For more information, see Lambda quotas.

Note: Streaming large amounts of CloudWatch Logs data might result in high usage charges. It's a best practice to use AWS Budgets to track spending and usage. For instructions, see How can I use AWS Budgets to track my spending and usage?

Resolution

Create a CloudWatch Logs subscription filter that sends log data to your AWS Lambda function.

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

1. To provide CloudWatch Logs permission to invoke your Lambda function, run the AWS CLI command add-permission similar to the following:

aws lambda add-permission \
    --function-name "helloworld" \
    --statement-id "helloworld" \
    --principal "logs.amazonaws.com" \
    --action "lambda:InvokeFunction" \
    --source-arn "arn:aws:logs:region:123456789123:log-group:YourLogGroup:*" \
    --source-account "123456789012"

Important: Replace "helloworld" with your Lambda function name, "YourLogGroup" with your log group, and the example account number with your account.

2. Create a subscription filter using the AWS CLI command put-subscription-filter to send log events that contains a keyword. In the following example, the keyword "ERROR" is used for the Lambda function:

Important: Replace "YourLogGroup" with your log group and the example account number with your account.

aws logs put-subscription-filter \
    --log-group-name YourLogGroup \
    --filter-name demo \
    --filter-pattern "ERROR" \
    --destination-arn arn:aws:lambda:region:123456789123:function:helloworld

The CloudWatch log group "YourLogGroup" invokes the Lambda function when it receives a log event that contains the keyword "ERROR" similar to the following:

{
  "awslogs": {
    "data": "H4sIAAAAAAAAAHWPwQqCQBCGX0Xm7EFtK+smZBEUgXoLCdMhFtKV3akI8d0bLYmibvPPN3wz00CJxmQnTO41whwWQRIctmEcB6sQbFC3CjW3XW8kxpOpP+OC22d1Wml1qZkQGtoMsScxaczKN3plG8zlaHIta5KqWsozoTYw3/djzwhpLwivWFGHGpAFe7DL68JlBUk+l7KSN7tCOEJ4M3/qOI49vMHj+zCKdlFqLaU2ZHV2a4Ct/an0/ivdX8oYc1UVX860fQDQiMdxRQEAAA=="
  }
}

Related information

Filter and pattern syntax

Topics

Serverless Compute

Relevant content

Cloudwatch Subscription Filter does not ingest logs in Kinesis Data Stream
maryem
asked a month ago
Cloudwatch logs to Opensearch subscriptions
Accepted Answer
oc
asked 6 months ago
Can I use CloudWatch Logs to trigger a Lambda function?
Accepted Answer
Narendra-aws
asked 4 years ago
How can I send a variables from cloudwatch service to Lambda function using SNS Topic
Najeeb-Shhade
asked 9 months ago
Lambda function logs missing from CloudWatch when invoked from activity
innorstein
asked 5 years ago
Why doesn't Amazon SNS invoke my Lambda function when triggered by a CloudWatch alarm?
AWS OFFICIALUpdated 4 months ago
How do I troubleshoot a failed log delivery by a subscription filter in CloudWatch?
AWS OFFICIALUpdated 2 months ago
How do I create, configure, and troubleshoot a subscription filter to Kinesis using the CloudWatch console?
AWS OFFICIALUpdated a year ago
Why isn't Amazon SNS invoking my AWS Lambda function, and how do I troubleshoot the issue?
AWS OFFICIALUpdated 9 months ago
How to avoid network timeout issues when invoking long running Lambda functions from .NET6+ applications on Linux platforms
EXPERT
Gabriele
published 10 months ago