Lambda function's CloudWatch logs are not captured after a Terraform deployment

Question (0 votes, 1 answer)

I ran terraform apply successfully, but the console.log statements do not seem to be sent to CloudWatch. I followed this solution: https://stackoverflow.com/a/75157142/9105207 I do see the CloudWatch log group being created, but there are no log streams at all.

Here is my code:

CloudWatch file:

# Terraform owns the log group so the retention setting applies from the start.
# The group name is spelled out literally: referencing
# aws_lambda_function.store_url_lambda.function_name here, while the function
# below has depends_on = [this log group], gives Terraform a dependency cycle.
resource "aws_cloudwatch_log_group" "store_url_cloudwatch_log_group" {
  name              = "/aws/lambda/store-url-lambda"
  retention_in_days = 14

  lifecycle {
    prevent_destroy = false
  }

  tags = merge(
    var.common_tags,
    {
      Name  = "${var.project}-Store-URL-CloudWatch-Log-Group"
      Stack = "Backend"
    }
  )
}

# The three CloudWatch Logs actions the Lambda runtime needs to ship console
# output (the same actions as the AWS managed policy AWSLambdaBasicExecutionRole).
# Resource "*" is wider than necessary; it can be narrowed to this function's
# log group ARN (arn:aws:logs:<region>:<account>:log-group:/aws/lambda/store-url-lambda:*).
resource "aws_iam_policy" "store_url_logging_policy" {
  name = "Store-url-logging-policy"

  policy = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Effect" : "Allow",
        "Action" : [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents"
        ],
        "Resource" : [
          "*"
        ]
      }
    ]
  })

  tags = merge(
    var.common_tags,
    {
      Name  = "${var.project}-Store-URL-Logging-Policy"
      Stack = "Backend"
    }
  )
}

# Attach the logging policy to the function's execution role.
resource "aws_iam_role_policy_attachment" "store_url_logging_policy_attachment" {
  role       = aws_iam_role.iam_for_lambda_store_url.id
  policy_arn = aws_iam_policy.store_url_logging_policy.arn
}

Lambda function file:

# Trust policy: only the Lambda service may assume the execution role.
data "aws_iam_policy_document" "store_url_lambda_assume_role" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }

    actions = ["sts:AssumeRole"]
  }
}

# Execution role the function runs as; permissions are attached separately.
resource "aws_iam_role" "iam_for_lambda_store_url" {
  name               = "IAM-for-lambda-store-url"
  assume_role_policy = data.aws_iam_policy_document.store_url_lambda_assume_role.json

  tags = merge(
    var.common_tags,
    {
      Name  = "${var.project}-Store-URL-Lambda-IAM-Role"
      Stack = "Backend"
    }
  )
}

# depends_on makes Terraform create the log group before the function exists,
# so a first invocation cannot create the group itself (without the retention
# setting) and make Terraform's own create of the group fail afterwards.
resource "aws_lambda_function" "store_url_lambda" {
  function_name    = "store-url-lambda"
  role             = aws_iam_role.iam_for_lambda_store_url.arn
  handler          = "index.handler"
  runtime          = "nodejs20.x"
  source_code_hash = data.archive_file.lambda_store_url_zip.output_base64sha256
  s3_bucket        = module.s3_store_url_lambda_bucket.s3_bucket_id
  s3_key           = aws_s3_object.store_url_lambda_s3_object.key
  depends_on       = [aws_cloudwatch_log_group.store_url_cloudwatch_log_group]

  environment {
    variables = {
      S3_BUCKET = module.s3_store_url_lambda_bucket.s3_bucket_id
    }
  }

  tags = merge(
    var.common_tags,
    {
      Name  = "${var.project}-Store-URL-Lambda-Function"
      Stack = "Backend"
    }
  )
}

I removed the unrelated blocks. My Lambda function contains console.log statements. Example:

import crypto from 'node:crypto';
import { S3Client, PutObjectCommand } from '@aws-sdk/client-s3';
import RequestBody from './schemas/request-body';
import { doesObjectExist } from './utils/s3';

export const handler = async (event) => {
    const requestBody = event.body;
    // Written to stdout; the Lambda runtime forwards it to the function's log stream.
    console.log(`Request body is: ${requestBody}`);
    // The rest of the handler was not included in the question.
};
Tags: amazon-web-services, aws-lambda, terraform, amazon-cloudwatch
1 answer

0 votes
  • Be sure to check permissions. Lambda needs the same permissions as the AWS managed policy AWSLambdaBasicExecutionRole.
  • Also, there is a syntax error in your policy definition. I pasted your policy statement into the AWS policy editor and it showed a syntax error. This works:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }
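The answer's first point, "check permissions", can be turned into an offline check. The following is an added example, not code from the question or the answer: a small IAM-style evaluator that takes a policy document and reports which of the three CloudWatch Logs actions it fails to grant for a given function's log group. It models only Allow/Deny statements with `*`/`?` wildcards (Condition, NotAction and NotResource are rejected rather than guessed at). The account ID, region and log-stream name are constructed values, and the scoped least-privilege policy shape in `scoped_logging_policy` is my own alternative to the question's `Resource: "*"`, not something the page provides.

```python
"""Offline check that a Lambda execution-role policy grants the CloudWatch
Logs calls the runtime makes when it ships console.log output.

Added example; only a subset of IAM evaluation is modelled (Allow/Deny,
'*' and '?' wildcards in Action and Resource). Account ID, region and the
log-stream name are constructed values.
"""
import json
import re

# Same three actions as the AWS managed policy AWSLambdaBasicExecutionRole.
REQUIRED_LOG_ACTIONS = ("logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents")


def _matches(pattern, value, ignore_case=False):
    """IAM-style glob: '*' matches any run of characters, '?' exactly one."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Evaluate one call against a policy document (dict parsed from JSON).
    IAM logic: a matching explicit Deny always wins, otherwise at least one
    matching Allow is required, and the default is deny."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        for unsupported in ("Condition", "NotAction", "NotResource"):
            if unsupported in stmt:
                raise NotImplementedError(f"{unsupported} is not modelled here")
        action_hit = any(_matches(p, action, ignore_case=True) for p in _as_list(stmt["Action"]))
        resource_hit = any(_matches(p, resource) for p in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def required_log_calls(region, account_id, function_name):
    """(action, resource) pairs the runtime needs for this function's logs.
    Log-group ARNs end in ':*' as CloudWatch reports them; the stream name
    is a constructed example in the shape Lambda uses."""
    group = f"arn:aws:logs:{region}:{account_id}:log-group:/aws/lambda/{function_name}"
    stream = group + ":log-stream:2024/05/01/[$LATEST]0123456789abcdef0123456789abcdef"
    return [
        ("logs:CreateLogGroup", group + ":*"),
        ("logs:CreateLogStream", stream),
        ("logs:PutLogEvents", stream),
    ]


def missing_log_permissions(policy, region, account_id, function_name):
    """Actions from REQUIRED_LOG_ACTIONS the policy does not grant for this
    function. An empty list means the role can write its logs."""
    return [action for action, resource in required_log_calls(region, account_id, function_name)
            if not is_allowed(policy, action, resource)]


# The policy from the question, which grants the same actions as
# AWSLambdaBasicExecutionRole on every resource.
QUESTION_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
    "Resource": ["*"]
  }]
}""")


def scoped_logging_policy(region, account_id, function_name):
    """Least-privilege alternative (my own shape): CreateLogGroup on the
    account's log groups, stream/event writes only on this function's group."""
    group_arn = f"arn:aws:logs:{region}:{account_id}:log-group:/aws/lambda/{function_name}:*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "logs:CreateLogGroup",
             "Resource": f"arn:aws:logs:{region}:{account_id}:*"},
            {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": group_arn},
        ],
    }


if __name__ == "__main__":
    region, account, fn = "us-east-1", "123456789012", "store-url-lambda"  # constructed
    scoped = scoped_logging_policy(region, account, fn)
    print("question policy, missing:", missing_log_permissions(QUESTION_POLICY, region, account, fn))
    print("scoped policy, same region:", missing_log_permissions(scoped, region, account, fn))
    print("scoped policy, function deployed in eu-west-1:",
          missing_log_permissions(scoped, "eu-west-1", account, fn))
```

The question's policy passes, as does the scoped one for the function it was written for; the scoped policy fails every action as soon as the function is deployed in a different region, and fails the stream and event writes for a differently named function, which is the trade-off of narrowing `Resource`. For the live equivalent against the real role, `aws iam simulate-principal-policy` with the role ARN, the three action names and the log-group ARN answers the same question, and `aws logs tail /aws/lambda/store-url-lambda --follow` during a test invocation shows whether events actually arrive.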