Date: 2021-11-10

Lambda log monitoring and streaming to external services.

    yarn add -DE js-gardener @blackflux/robo-config-plugin eslint object-hash

and

    yarn add -E lambda-monitor

gardener.js containing

    // eslint-disable-next-line import/no-extraneous-dependencies
    const gardener = require('js-gardener');

    if (require.main === module) {
      gardener().catch(() => process.exit(1));
    }

.roboconfig.json containing (adjust as necessary!)

    {
      "lambda-monitor": {
        "tasks": [
          "assorted/@default"
        ],
        "variables": {
          "enableCloudTrail": "FILL_IN",
          "awsRegion": "AWS_REGION"
        }
      },
      "@blackflux/robo-config-plugin": {
        "tasks": [
          "assorted/@sls-closedsource"
        ],
        "variables": {
          "repoKey": "ORG_NAME/REPO_NAME",
          "circleCiReadToken": "CIRCLE_CI_TOKEN",
          "projectName": "PROJECT_NAME",
          "owner": "GH_USER_NAME",
          "ownerName": "ORG_NAME",
          "mergeBot": "MERGE_BOT_NAME",
          "awsRegion": "AWS_REGION",
          "namespace": "com.sls.ORG_NAME"
        }
      }
    }

    node gardener.js

    yarn install && yarn u

    . manage.sh

    yarn install && u && t

.depunusedignore

    @blackflux/robo-config-plugin
    @blackflux/eslint-plugin-rules
    object-hash

HOWTO.md (and generated CONFDOCS.md)

To exclude a lambda function from being monitored simply add the tag "MONITORED": "0". Note that you need to manually unsubscribe if process-log has already been subscribed to the CloudWatch stream.

While deploying this project is straightforward, there is a lot of complexity going on behind the scenes to ensure:

There are four lambda functions created per stage. All operations are only performed on lambda functions tagged with the corresponding stage.

batcher-handler - Listens to SQS messages to group them before writing to S3.
bundler-handler - Listens to SQS messages to group them before writing to the JSON logging service.
process-logs - This lambda function is subscribed to CloudWatch and processes the logs. Anomalies are submitted to Rollbar and all detected log events are sent to the configured logging services. Tagged with "MONITOR": "1" and "MONITORED": "0".
subscribe - Subscribes the process-logs lambda function (detected using the MONITOR tag) to all relevant CloudWatch Groups, excluding those functions that have the MONITORED tag set to 0.
empty-bucket - Empties the CloudTrail bucket when the stage is removed from AWS.
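
The tag rules above, written out as an added example (not lambda-monitor's own code): given each function's tags and the log groups that already have a subscription, it returns what still needs subscribing and which excluded functions are left for a manual unsubscribe. The `STAGE` tag key, the function names and the `/aws/lambda/<name>` log group naming are assumptions made for illustration.

```javascript
// Added example: plain data in, plan out. No AWS calls are made.
// Assumption: the stage is carried in a tag named STAGE (the page does not name the key).
const STAGE_TAG = 'STAGE';

// Assumption: each function logs to the default /aws/lambda/<name> group.
const logGroupOf = (fn) => `/aws/lambda/${fn.name}`;

// functions: [{ name, tags }]
// subscribed: log group names that already feed the processor
const planSubscriptions = (functions, subscribed, stage) => {
  const inStage = functions.filter((fn) => fn.tags[STAGE_TAG] === stage);
  const processors = inStage.filter((fn) => fn.tags.MONITOR === '1');
  if (processors.length !== 1) {
    throw new Error(`expected one MONITOR=1 function in ${stage}, found ${processors.length}`);
  }
  const [processor] = processors;
  if (processor.tags.MONITORED !== '0') {
    // Without this tag the processor would be subscribed to its own log group.
    throw new Error(`${processor.name} must be tagged MONITORED=0`);
  }
  const have = new Set(subscribed);
  const excluded = inStage.filter((fn) => fn.tags.MONITORED === '0');
  const monitored = inStage.filter((fn) => fn.tags.MONITORED !== '0');
  return {
    processor: processor.name,
    subscribe: monitored.map(logGroupOf).filter((g) => !have.has(g)).sort(),
    // Tagged MONITORED=0 after the fact: stays subscribed until removed by hand.
    unsubscribeManually: excluded.map(logGroupOf).filter((g) => have.has(g)).sort()
  };
};

// Constructed sample data, not taken from a real account.
const sampleFunctions = [
  { name: 'mon-prod-process-logs', tags: { STAGE: 'prod', MONITOR: '1', MONITORED: '0' } },
  { name: 'api-prod-orders', tags: { STAGE: 'prod' } },
  { name: 'api-prod-legacy', tags: { STAGE: 'prod', MONITORED: '0' } },
  { name: 'api-prod-billing', tags: { STAGE: 'prod' } },
  { name: 'api-dev-orders', tags: { STAGE: 'dev' } }
];
const sampleSubscribed = ['/aws/lambda/api-prod-legacy', '/aws/lambda/api-prod-billing'];

console.log(planSubscriptions(sampleFunctions, sampleSubscribed, 'prod'));
```

Any entry under `unsubscribeManually` is a function that still ships logs to the processor despite carrying the exclusion tag.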