的NodeJS
const AWS = require('aws-sdk');
AWS.config = new AWS.Config
({
accessKeyId: "AKIA******",
secretAccessKey: "6RJf******vy",
});
const cloudwatchlogs = new AWS.CloudWatchLogs({ region: 'a******1' });
var params = {
destinationArn: 'arn:aws:lambda:******:function:******',
filterName: 'LambdaStream_******',
filterPattern: '?Error ?Waring ?error ?"node(1)" ?info ?INFO',
logGroupName: '/aws/lambda/******',
distribution: 'ByLogStream',
};
cloudwatchlogs.putSubscriptionFilter(params, function (err, data) {
if (err) console.log( err, err.stack);
else console.log(data);
});
我会收到以下错误:
{ InvalidParameterException: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to ex ecute your function.
at Request.extractError
......
(/mnt/******/node_modules/aws-sdk/lib/sequential_executor.js:116:18) message: 'Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.', code: 'InvalidParameterException', time: 2019-03-21T03:05:47.966Z, requestId: '39c9******3', statusCode: 400, retryable: false, retryDelay: ******86 } InvalidParameterException: Could not execute the lambda function. Make sure you have given CloudWatch Logs permission to execute your function.
补充:enter image description here
我给了这些执行角色:
AWSLambdaFullAccess
CloudWatchFullAccess
CloudWatchLogsFullAccess
AmazonVPCFullAccess
AWSLambdaVPCAccessExecutionRole
AWSLambdaRole
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutSubscriptionFilter",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}
这是您在角色策略中获得CloudWatch Full Access所需的全部内容。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "logs:*",
"Resource": "*"
}
]
}
var params = {
Action: 'lambda:InvokeFunction', /* required */
FunctionName: 'arn:aws:lambda:******:******:function:******', /* required */
Principal: 'logs.*region*.amazonaws.com', /* required */
StatementId: '******', /* required */
// SourceAccount: '******',
// SourceArn: 'arn:aws:logs:::******:******'
};
lambda.addPermission(params, function (err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});