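I'm having a problem with a log subscription on AWS with Terraform. I want my Lambda logs (once they are saved in CloudWatch) to be sent to a Kinesis Stream. I created a role and policy that make this possible, and created the log subscription. However, when I try to create the resource, I receive the message: Could not deliver test message to specified Kinesis stream. Check if the given kinesis stream is in ACTIVE state.
This is my policy: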
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "kinesis:PutRecord",
        "kinesis:PutRecords"
      ],
      "Resource": "arn:aws:kinesis:us-east-1:accountID:stream/stream-name"
    }
  ]
}
This is my log subscription:
resource "aws_cloudwatch_log_subscription_filter" "name_lambdafunction_logfilter" {
  name            = "name_lambdafunction_logfilter"
  role_arn        = "arn:aws:iam::accountID:role/cloudwatch_to_streams_role"
  log_group_name  = "/aws/lambda/${var.project}-name-${terraform.workspace}"
  filter_pattern  = "{ $.application = * }"
  destination_arn = "arn:aws:kinesis:us-east-1:accountID:stream/stream-name"
  distribution    = "ByLogStream"
}
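
For reference, an added example (not the poster's configuration and not a diagnosis of the error above) of a least-privilege setup for this kind of subscription: a role whose trust policy, which the post does not show, lets only CloudWatch Logs assume it, with write access limited to the one stream. The resource labels, the `put-to-stream` policy name and the `project` variable declaration are assumptions; the stream, role and filter names and the region are taken from the post.

```hcl
variable "project" { type = string } # assumed declaration for the poster's var.project

data "aws_caller_identity" "current" {}
data "aws_kinesis_stream" "target" {
  name = "stream-name"
}

# Trust policy: only CloudWatch Logs, acting for log groups in this account and region.
data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["logs.amazonaws.com"]
    }
    condition {
      test     = "StringLike"
      variable = "aws:SourceArn"
      values   = ["arn:aws:logs:us-east-1:${data.aws_caller_identity.current.account_id}:*"]
    }
  }
}

resource "aws_iam_role" "cloudwatch_to_streams" {
  name               = "cloudwatch_to_streams_role"
  assume_role_policy = data.aws_iam_policy_document.trust.json
}

# Permissions: write access to the one stream, nothing else.
resource "aws_iam_role_policy" "put_to_stream" {
  name = "put-to-stream" # hypothetical name
  role = aws_iam_role.cloudwatch_to_streams.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "kinesis:PutRecord", Resource = data.aws_kinesis_stream.target.arn }]
  })
}

resource "aws_cloudwatch_log_subscription_filter" "example" {
  name            = "name_lambdafunction_logfilter"
  role_arn        = aws_iam_role.cloudwatch_to_streams.arn
  log_group_name  = "/aws/lambda/${var.project}-name-${terraform.workspace}"
  filter_pattern  = "{ $.application = * }"
  destination_arn = data.aws_kinesis_stream.target.arn
  distribution    = "ByLogStream"
  depends_on      = [aws_iam_role_policy.put_to_stream] # attach the policy before creating the filter
}
```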