terraform-aws-sns-to-cloudwatch-logs-lambda is a Terraform module to provision a Lambda Function which routes SNS messages to CloudWatch Logs
Exception: if using
var.aws_regionto specify deployment region, useversion = "2.0.1", until you can switch to provider aliases and explicit provider passing.
This Module allows simple and rapid deployment
- Creates Lambda function, Lambda Layer, IAM Policies, Triggers, and Subscriptions
- Creates (or use existing) SNS Topic, CloudWatch Log Group and Log Group Stream
- Options:
- Create CloudWatch Event to prevent Function hibernation
- Set Log Group retention period
- Python function editable in repository and in Lambda UI
- Python dependencies packages in Lambda Layers zip
- Optionally create custom Lambda Layer zip using build-lambda-layer-python
- Enables adding/changing dependencies
- Enables compiling for different version of Python
- Breaking Changes in
3.0.0- required to enable new Terraform 0.13 module argumentsfor_each,count, anddepends_on- The module's internal AWS
providerblock has been removed var.aws_regionhas been removed and can't be used to set a target region- By default, modules inherit the
regionof the calling module's Provider - To specify alternate regions, use provider aliases and expicit provider passing
- Additional information on module considerations can be found in the docs for Provider Configuration in Modules with 0.13
- The module's internal AWS
This Lambda Function forwards subject & body of SNS messages to CloudWatch Log Group Stream
- Enhances the value of CloudWatch Logs by enabling easy entry creation from any service, function and script that can send SNS notifications
- Enables cloud-init, bootstraps and functions to easily write log entries to a centralized CloudWatch Log
- Simplifies troubleshooting of solutions with decentralized logic
- scripts and functions spread across instances, Lambda and services
- Easily add instrumentation to scripts:
aws sns publish --topic-arn $TOPIC_ARN --message $LOG_ENTRY- Use with IAM instance policy requires
--region $AWS_REGIONparameter
- Use with IAM instance policy requires
module "sns_logger" {
source = "robertpeteuil/sns-to-cloudwatch-logs-lambda/aws"
version = "3.0.1" # Use with Terraform >= 0.12 (including 0.13)
# version = "1.0.1" # Latest version for Terraform <= 0.11
sns_topic_name = "projectx-logging"
log_group_name = "projectx"
log_stream_name = "script-logs"
}NOTE: Make sure you are using version pinning to avoid unexpected changes when the module is updated.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| sns_topic_name | Name of SNS Topic to be logged by Gateway | string | - | yes |
| log_group_name | Name of CloudWatch Log Group | string | - | yes |
| log_stream_name | Name of CloudWatch Log Stream | string | - | yes |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_sns_topic | Create new SNS topic | string | true |
no |
| create_log_group | Create new log group | string | true |
no |
| create_log_stream | Create new log stream | string | true |
no |
| log_group_retention_days | Log Group retention (days) | string | 0 (forever) |
no |
| lambda_func_name | Name for Lambda Function | string | dynamically calculated | no |
| lambda_description | Lambda Function Description | string | Route SNS messages to CloudWatch Logs |
no |
| lambda_tags | Mapping of Tags to assign to Lambda function | map | {} |
no |
| lambda_publish_func | Publish Lambda Function | string | false |
no |
| lambda_runtime | Lambda runtime for Function | string | python3.11 |
no |
| lambda_timeout | Function time-out (seconds) | string | 3 |
no |
| lambda_mem_size | Function RAM assigned (MB) | string | 128 |
no |
| create_warmer_event | Create CloudWatch trigger event to prevent hibernation | string | false |
no |
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 2.31 |
| Name | Version |
|---|---|
| archive | n/a |
| aws | >= 2.31 |
No modules.
| Name | Type |
|---|---|
| aws_cloudwatch_event_rule.warmer | resource |
| aws_cloudwatch_event_target.warmer | resource |
| aws_cloudwatch_log_group.sns_logged_item_group | resource |
| aws_cloudwatch_log_stream.sns_logged_item_stream | resource |
| aws_iam_role.lambda_cloudwatch_logs | resource |
| aws_iam_role_policy.lambda_cloudwatch_logs_polcy | resource |
| aws_lambda_function.sns_cloudwatchlog | resource |
| aws_lambda_layer_version.logging_base | resource |
| aws_lambda_permission.sns_cloudwatchlog_multi | resource |
| aws_lambda_permission.warmer_multi | resource |
| aws_sns_topic.sns_log_topic | resource |
| aws_sns_topic_subscription.lambda | resource |
| archive_file.lambda_function | data source |
| aws_cloudwatch_log_group.sns_logged_item_group | data source |
| aws_iam_policy_document.lambda_cloudwatch_logs | data source |
| aws_iam_policy_document.lambda_cloudwatch_logs_policy | data source |
| aws_sns_topic.sns_log_topic | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_log_group | Boolean flag that determines if log group, 'log_group_name' is created. If 'false' it uses an existing group of that name. | bool |
true |
no |
| create_log_stream | Boolean flag that determines if log stream, 'log_stream_name' is created. If 'false' it uses an existing stream of that name. | bool |
true |
no |
| create_sns_topic | Boolean flag that determines if SNS topic, 'sns_topic_name' is created. If 'false' it uses an existing topic of that name. | bool |
true |
no |
| create_warmer_event | Boolean flag that determines if a CloudWatch Trigger event is created to prevent Lambda function from suspending. | bool |
false |
no |
| lambda_description | Description to assign to Lambda Function. | string |
"" |
no |
| lambda_func_name | Name to assign to Lambda Function. | string |
"SNStoCloudWatchLogs" |
no |
| lambda_mem_size | Amount of RAM (in MB) assigned to the function. The default (and minimum) is 128MB, and the maximum is 3008MB. | number |
128 |
no |
| lambda_publish_func | Boolean flag that determines if Lambda function is published as a version. | bool |
false |
no |
| lambda_runtime | Lambda runtime to use for the function. | string |
"python3.11" |
no |
| lambda_tags | A mapping of tags to assign to Lambda Function. | map |
{} |
no |
| lambda_timeout | Number of seconds that the function can run before timing out. The AWS default is 3s and the maximum runtime is 5m | number |
3 |
no |
| log_group_name | Name of CloudWatch Log Group created or used (if previously created). | string |
n/a | yes |
| log_group_retention_days | Number of days to retain data in the log group (0 = always retain). | number |
0 |
no |
| log_stream_name | Name of CloudWatch Log Stream created or used (if previously created). If using an existing stream it must exist in the Log group specified in 'log_group_name'. | string |
n/a | yes |
| sns_topic_name | Name of SNS Topic logging to CloudWatch Log. | string |
n/a | yes |
| Name | Description |
|---|---|
| cloudwatch_event_rule_arn | ARN of CloudWatch Trigger Event created to prevent hibernation. |
| lambda_arn | ARN of created Lambda Function. |
| lambda_iam_role_arn | Lambda IAM Role ARN. |
| lambda_iam_role_id | Lambda IAM Role ID. |
| lambda_last_modified | The date Lambda Function was last modified. |
| lambda_name | Name assigned to Lambda Function. |
| lambda_version | Latest published version of Lambda Function. |
| log_group_arn | ARN of CloudWatch Log Group. |
| log_group_name | Name of CloudWatch Log Group. |
| log_stream_arn | ARN of CloudWatch Log Stream. |
| log_stream_name | Name of CloudWatch Log Stream. |
| sns_topic_arn | ARN of SNS Topic logging to CloudWatch Log. |
| sns_topic_name | Name of SNS Topic logging to CloudWatch Log. |