使用 Terraform 到 AWS Lambda 的错误 aws_cloudwatch_log_subscription_filter
ERROR aws_cloudwatch_log_subscription_filter to AWS Lambda with Terraform
我正在尝试使用 Terraform 将 CloudWatchLogs 日志组订阅到 AWS Lambda,但出现错误。
我的代码是:
resource "aws_cloudwatch_log_subscription_filter" "test_lambdafunction_logfilter" {
name = "test_lambdafunction_logfilter"
role_arn = "arn:aws:iam::XXXXXXXXXXXX:role/dx-dev-rol-datadog-log-forwarder-function"
log_group_name = "dx-dev-lg-destination-content-full"
filter_pattern = "logtype test"
destination_arn = "arn:aws:iam::XXXXXXXXXXXX:lambda/dx-dev-lmbd-datadog-log-forwarder-function-01"
distribution = "Random"
}
Error: Error creating Cloudwatch log subscription filter:
InvalidParameterException: PutSubscriptionFilter operation cannot work with destinationArn for vendor iam
status code: 400, request id: 19836154-97e4-48f0-89b5-692f44ab1764
Terraform docs 指出 role_arn 和分布参数只能与 Kinesis 流目标一起使用。
错误消息仅说明当目标为 Lambda 时您不能使用 IAM 角色参数这一事实。
role_arn - (Optional) If you use Lambda as a destination, you should skip this argument and use aws_lambda_permission resource for granting access from CloudWatch logs to the destination Lambda function.
distribution - (Optional) This property is only applicable when the destination is an Amazon Kinesis stream.
最终插入和删除 role_arn 参数成功了:
resource "aws_cloudwatch_log_subscription_filter" "dx-dev-lg-destination-content-full" {
name = "dx-dev-lg-destination-content-full"
#role_arn = "arn:aws:iam:eu-central-1:442793498433:role/dx-dev-rol-datadog-log-forwarder-function"
log_group_name = "dx-dev-lg-destination-content-full"
filter_pattern = ""
destination_arn = "arn:aws:lambda:eu-central-1:442793498433:function:dx-dev-lmbd-datadog-log-forwarder-function-01"
}
我正在尝试使用 Terraform 将 CloudWatchLogs 日志组订阅到 AWS Lambda,但出现错误。
我的代码是:
resource "aws_cloudwatch_log_subscription_filter" "test_lambdafunction_logfilter" {
name = "test_lambdafunction_logfilter"
role_arn = "arn:aws:iam::XXXXXXXXXXXX:role/dx-dev-rol-datadog-log-forwarder-function"
log_group_name = "dx-dev-lg-destination-content-full"
filter_pattern = "logtype test"
destination_arn = "arn:aws:iam::XXXXXXXXXXXX:lambda/dx-dev-lmbd-datadog-log-forwarder-function-01"
distribution = "Random"
}
Error: Error creating Cloudwatch log subscription filter:
InvalidParameterException: PutSubscriptionFilter operation cannot work with destinationArn for vendor iam
status code: 400, request id: 19836154-97e4-48f0-89b5-692f44ab1764
Terraform docs 指出 role_arn 和分布参数只能与 Kinesis 流目标一起使用。 错误消息仅说明当目标为 Lambda 时您不能使用 IAM 角色参数这一事实。
role_arn - (Optional) If you use Lambda as a destination, you should skip this argument and use aws_lambda_permission resource for granting access from CloudWatch logs to the destination Lambda function.
distribution - (Optional) This property is only applicable when the destination is an Amazon Kinesis stream.
最终插入和删除 role_arn 参数成功了:
resource "aws_cloudwatch_log_subscription_filter" "dx-dev-lg-destination-content-full" {
name = "dx-dev-lg-destination-content-full"
#role_arn = "arn:aws:iam:eu-central-1:442793498433:role/dx-dev-rol-datadog-log-forwarder-function"
log_group_name = "dx-dev-lg-destination-content-full"
filter_pattern = ""
destination_arn = "arn:aws:lambda:eu-central-1:442793498433:function:dx-dev-lmbd-datadog-log-forwarder-function-01"
}