如何将cloudwatch警报连接到lambda函数

时间:2016-01-14 22:26:17

标签: amazon-web-services amazon-sns amazon-cloudformation aws-lambda amazon-cloudwatch

如何将aws云监视警报连接到lambda函数调用?

我正在通过AWS CloudFormation模板以编程方式向我们作为云形成堆栈一部分创建的ELB添加云监视警报。我希望将警报发送到lambda函数,该函数将消息发布到Slack。虽然警报有效,并且SNS配置对我来说似乎是正确的,但是从不调用lambda函数。

lambda函数遵循以下示例:

https://medium.com/cohealo-engineering/how-set-up-a-slack-channel-to-be-an-aws-sns-subscriber-63b4d57ad3ea#.x2j9apedu

http://inopinatus.org/2015/07/13/hook-aws-notifications-into-slack-with-a-lambda-function/

lambda函数可以正常工作,我可以通过aws控制台发送测试数据,从而将消息发布到Slack。

使用看起来正确的云监控警报创建负载均衡器:

enter image description here

警报似乎配置为向正确的SNS主题发送警报:

enter image description here enter image description here

有一个SNS订阅该主题,lambda函数作为它的终点:

enter image description here

警报触发时会触发警报并将消息发送到正确的主题:

enter image description here

但是从不调用lambda函数:

enter image description here

但是,如果我在lambda函数上手动添加SNS主题作为“事件源”,则会在警报触发并发布Slack消息时调用它。

enter image description here

我是否误解了如何将云监视警报连接到lambda函数?或者我缺少一个小细节?

如果此方法不起作用,并且将lambda函数连接到云监视警报的唯一方法是将SNS主题添加为“事件源”,通过AWS CloudFormation模板执行此操作的适当方法是什么?我没有看到修改现有资源的明显方法,例如固定的lambda函数。

这是我的CloudFormation模板:

"GenericSlackAlertSNSTopic" : {
    "Type" : "AWS::SNS::Topic",
    "Properties" : {
        "Subscription" : [ {
            "Endpoint" : "arn:aws:lambda:us-east-1:[...]:function:snsToSlack",
            "Protocol" : "lambda"
        } ]
    }
},
"ELBNoTrafficAlarm": {
    "Type": "AWS::CloudWatch::Alarm",
    "Properties": {
        "Namespace" : "AWS/ELB",
        "AlarmDescription": "Alarm for no apparent traffic on an ELB.",
        "AlarmActions": [{
            "Ref": "GenericSlackAlertSNSTopic"
        }],
        "InsufficientDataActions": [{
            "Ref": "GenericSlackAlertSNSTopic"
        }],
        "MetricName": "RequestCount",
        "Statistic": "Sum",
        "Dimensions" : [ {
            "Name" : "LoadBalancerName",
            "Value" : { "Ref" : "ElasticLoadBalancer" }
        } ],
        "Period": "60",
        "EvaluationPeriods": "3",
        "Threshold" : "10",
        "ComparisonOperator": "LessThanOrEqualToThreshold"
    }
}

谢谢!

-neil

5 个答案:

答案 0 :(得分:6)

AWS发布(约3天前)在python和nodejs中使用lambda与AWS Cloudwatch进行松散集成的蓝图:https://aws.amazon.com/blogs/aws/new-slack-integration-blueprints-for-aws-lambda/

据说,我也遇到了和你一样的问题,按照蓝图中提到的步骤,我没有得到警报,直到我在lambda函数上手动添加SNS主题作为“事件源”。进一步调查引导我提出这个问题:Can't create a SNS Event source on a Lambda function using CloudFormation

最后阅读AWS文档: 1)http://docs.aws.amazon.com/lambda/latest/dg/intro-core-components.html

  

Amazon SNS通过主题订阅维护事件源映射   配置(没有AWS Lambda API来配置此映射)。

2)http://docs.aws.amazon.com/sns/latest/dg/sns-lambda.html

  

使用AWS管理配置带有Lambda端点的Amazon SNS   控制台

结论是,此刻的订阅应该通过AWS管理控制台

完成

摘要:目前使用Lambda端点配置Amazon SNS的唯一方法是通过AWS管理控制台

奖励:使用相同答案的类似问题:AWS Lambda scheduled event source via cloudformation

答案 1 :(得分:1)

在撰写本文时,要将CloudWatch警报连接到lambda,您需要一个 SNS主题

cloudwatch警报将以SNS主题作为警报操作,并且SNS主题除了要让lambda订阅指定主题之外,还需要具有lambda:Invoke权限。

CloudFormation模板

假设您在cloudformation模板和lambda arn(同一字符串中的arn字符串或资源)的模板中有cloudwatch警报,则可以将它们与资源 AWS :: Lambda :: Permission < / strong>和 AWS :: SNS :: Topic

例如,在此示例中(添加默认的lambda arn值):

  • aws cloudformation create-stack --stack-name MyTest --template-body file://mytest.yaml
AWSTemplateFormatVersion: '2010-09-09'

Parameters:

  LambdaArn:
    Type: String
    Description: The lambda arn, if lambda resource is in template change !Ref LambdaArn with !GetAtt LogicName.Arn
    Default: "[YOUR ARN]"

Resources:

  DummyTopic:
    Type: "AWS::SNS::Topic"
    Description: "sns topic to complete this dummy template, remove it when changing the cloudwatch alarm"
    Properties:
      TopicName: "mytest"

  CloudWatchAlarmInvocationAlarm:
    Type: "AWS::CloudWatch::Alarm"
    Description: "DummyAlarm change it (mainly Namespace, MetricName and Dimensions) to achieve your goal"
    Properties:
      Namespace: "AWS/SNS"
      AlarmDescription: "Dummy alarm"
      AlarmActions:
        - !Ref NotificationTopic
      MetricName: NumberOfMessagesPublished
      Statistic: "Sum"
      Dimensions:
        - Name: TopicName
          Value: !GetAtt DummyTopic.TopicName
      Period: 60
      EvaluationPeriods: 1
      Threshold: 1
      ComparisonOperator: "GreaterThanOrEqualToThreshold"
      TreatMissingData: notBreaching   # missing data points will not trigger the alarm => maintain

  NotificationTopic:
    Type: "AWS::SNS::Topic"
    Description: "Sns topic that communicates directly with the lambda"
    Properties:
      TopicName: "MyNotificationTopic"
      Subscription:
        - Endpoint: !Ref LambdaArn
          Protocol: "lambda"

  LambdaInvokePermission:
    Type: "AWS::Lambda::Permission"
    Properties:
      FunctionName: !Ref LambdaArn
      Action: "lambda:InvokeFunction"
      Principal: "sns.amazonaws.com"
      SourceArn:  !Ref NotificationTopic

答案 2 :(得分:0)

CloudWatch Scheduled事件现在将Lambda作为本机目标。 enter image description here

您还可以将预定事件添加到lambda

的cloudformation中
EventListFunction:
  Type: 'AWS::Serverless::Function'
  Properties:
    ...
    Events:
      Schedule1:
        Type: Schedule
        Properties:
          Schedule: rate(1 day)

答案 3 :(得分:0)

确保您授予SNS主题调用Lambda函数的权限。权限的CloudFormation将如下所示:

List<>

答案 4 :(得分:0)

此问题并非特定于Cloudwatch,而是SNS-topic / Lambda权限问题。

另请参阅:

AWS SNS ought to trigger my lambda, but does not