I can create a CloudWatch Log trigger in the Designer section of the Lambda dashboard by following these instructions. Everything works as expected. But I'm having a very difficult time setting these up in Terraform.

I'm trying to subscribe the logzio cloudwatch shipper Lambda function to the log group of a specific function. However, whenever I reference the log group of the function that I want to subscribe, I get the following error when I run the terraform apply command: The log group provided is reserved for the function logs of the destination function.

resource "aws_cloudwatch_log_subscription_filter" "test_lambdafunction_logfilter" {
  name            = "example"
  log_group_name  = aws_cloudwatch_log_group.example.name
  filter_pattern  = ""
  destination_arn = aws_lambda_function.example.arn

  depends_on      = [aws_lambda_permission.example_cloudwatch]
}

What am I doing wrong?

aberg

1 Answer

# Look up the existing log group that should feed the forwarder.
data "aws_cloudwatch_log_group" "apigw_cloudwatch" {
  name = "API-Gateway-Logs"
}

# Let CloudWatch Logs invoke the forwarder, scoped to that log group.
resource "aws_lambda_permission" "allow_cloudwatch_for_apigw" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.log_forwarder_lambda.arn
  principal     = "logs.${var.region}.amazonaws.com"
  source_arn    = data.aws_cloudwatch_log_group.apigw_cloudwatch.arn
}

# The permission must exist before the subscription filter is created.
resource "aws_cloudwatch_log_subscription_filter" "apiqw_log_filter_cloudwatch_trigger" {
  depends_on      = [aws_lambda_permission.allow_cloudwatch_for_apigw]
  name            = "apiGW"
  log_group_name  = data.aws_cloudwatch_log_group.apigw_cloudwatch.name
  filter_pattern  = ""
  destination_arn = aws_lambda_function.log_forwarder_lambda.arn
  distribution    = "ByLogStream"
}
Leftyb
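The error quoted in the question says the log group belongs to the destination function itself, so the filter has to read from the source function's log group instead. The following is an added example, not code from the question or the answer: the resource names `app` and `shipper` are hypothetical, both functions are assumed to be defined elsewhere, and it assumes AWS provider 3.0 or later (log group `arn` without a trailing `:*`) and Terraform 1.2 or later (for `precondition`).

```hcl
# Added example; all names are hypothetical.
# aws_lambda_function.app     = function whose logs are shipped (source)
# aws_lambda_function.shipper = logzio shipper (destination)

# Log group of the SOURCE function. Lambda writes to /aws/lambda/<function name>.
# If Lambda has already created this group, import it or use a data source.
resource "aws_cloudwatch_log_group" "app" {
  name              = "/aws/lambda/${aws_lambda_function.app.function_name}"
  retention_in_days = 14
}

# Allow CloudWatch Logs to invoke the shipper, scoped to that one log group
# rather than to every log group in the account.
resource "aws_lambda_permission" "app_logs_to_shipper" {
  statement_id  = "AllowAppLogGroupToInvokeShipper"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.shipper.function_name
  principal     = "logs.amazonaws.com"
  source_arn    = "${aws_cloudwatch_log_group.app.arn}:*"
}

resource "aws_cloudwatch_log_subscription_filter" "app_to_shipper" {
  name            = "app-to-shipper"
  log_group_name  = aws_cloudwatch_log_group.app.name # source group, not the shipper's
  filter_pattern  = ""                                # empty pattern forwards every event
  destination_arn = aws_lambda_function.shipper.arn

  depends_on = [aws_lambda_permission.app_logs_to_shipper]

  lifecycle {
    # Fail at plan time if the filter is ever pointed at the shipper's own
    # log group, which would feed the shipper its own output.
    precondition {
      condition     = aws_cloudwatch_log_group.app.name != "/aws/lambda/${aws_lambda_function.shipper.function_name}"
      error_message = "The shipper must not be subscribed to its own log group."
    }
  }
}
```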